Is Datafied HIPAA compliant?
Yes, Datafied is HIPAA compliant. We strive to adhere to all of the privacy standards that HIPAA provides. We offer administrative, physical, and technical protection of data.
Administrative protections:
- Security management – policies to prevent, detect, contain, and correct security violations; risk analysis, risk management, and sanction/security policies
- Assigned responsibility – a single individual must have responsibility, assigned in writing, for the overall security of a covered entity’s information
- Workforce security – only authorized staff may have access to information
- Information access – policies for authorizing, establishing, and modifying access to information
- Security awareness/training – program for entire staff developed and maintained
- Security incident procedures – policies are in place to report, respond to, and manage security incidents
- Business Continuation plan – for response to disaster/emergency that damages information systems containing information
- Evaluation – periodically determine the extent to which our security policies meet the ongoing requirements
- Business Associate Agreement – states that we will adequately safeguard the information
Physical protections:
- Facility access – limit physical access to information
- Workstation use – policy specifies the use of workstations and the characteristics of the physical environment of workstations that can access information
- Workstation security – limited only to authorized users
- Equipment Controls – for recovered information and removal of hardware and electronic media containing information
Technical protections:
- Access control – only authorized personnel have access
- Audit controls – to record and examine activity within systems
- Integrity – to protect information from improper modification or destruction
- Person/entity authentication – to verify that persons seeking access to information are who they claim to be
- Transmission security – to prevent unauthorized access to information that is transmitted over an electronic network (i.e., the Internet or an Intranet)