HIPAA Compliance

DATABASICS is committed to safeguarding the privacy and security of our customers' health information, especially for those in the healthcare industry. To uphold this commitment, we comply with the Health Insurance Portability and Accountability Act (HIPAA) and maintain external audits for SOC 1 Type II, SOC 2 Type II, and PCI Level 1 compliance, reinforcing our dedication to robust security practices.

To ensure HIPAA compliance, we have taken the following steps through self-certification:

  1. Physical Safeguards: We implement stringent physical security measures to protect locations where electronic Protected Health Information (ePHI) is stored or accessed. These measures include access control systems, door locks, and alarms to prevent unauthorized access.

  2. Administrative Safeguards: Our employees receive thorough training on HIPAA requirements and their responsibilities in safeguarding sensitive health information. We have established policies and procedures covering security awareness, access controls, incident response, and contingency planning.

  3. Technical Safeguards: We secure our systems and networks that manage ePHI through robust access controls, encryption, and audit logs, ensuring that sensitive data is protected.

  4. Business Associate Compliance: We ensure that our business associates, including vendors and third parties with access to ePHI, comply with HIPAA. We perform a rigorous verification process to confirm their compliance and maintain appropriate documentation.

  5. Risk Assessments: Regular risk assessments are conducted to identify and address vulnerabilities within our systems. Any identified risks are mitigated, and the results are documented for ongoing reference.

  6. Documentation: Comprehensive records of our compliance efforts, such as policies, procedures, risk assessments, and training materials, are maintained and regularly reviewed to ensure ongoing compliance.

  7. Privacy and Security Officers: We have designated Privacy and Security Officers who oversee our compliance efforts. These officers ensure that our policies remain current and that all employees are adequately trained on HIPAA requirements. Our Privacy Policy is also certified annually by TrustArc.

  8. Breach Notification: In the event of a breach involving unsecured ePHI, we have a process in place to promptly notify affected individuals, the Department of Health and Human Services, and other necessary parties.

  9. Access to ePHI: We have established a clear process for responding to requests for access to ePHI, ensuring compliance with the HIPAA Privacy Rule and providing timely access to individuals requesting their own ePHI.

  10. Ongoing Review and Updates: Our HIPAA compliance program is regularly reviewed and updated to ensure we stay aligned with any changes in HIPAA regulations and best practices.

  11. Complaint Handling: We have procedures in place for addressing HIPAA-related complaints and violations. We also provide a reporting mechanism for employees to report suspected violations or breaches, ensuring a thorough investigation.

  12. Access Control: Access to ePHI is limited to employees who require it to perform their job duties. This access is granted on a "need-to-know" basis and is periodically reviewed for appropriateness.

  13. Secure Disposal of ePHI: We have protocols for securely disposing of ePHI that is no longer needed, ensuring that it cannot be reconstructed or accessed by unauthorized individuals.

  14. Disaster Recovery and Business Continuity: Our disaster recovery and business continuity plan includes strategies to protect and recover ePHI during emergencies. This plan covers backup procedures, alternative communication methods, and emergency work locations.

We regularly conduct HIPAA compliance audits to assess the effectiveness of our safeguards. These audits review administrative, physical, and technical controls to ensure ongoing adherence to HIPAA regulations. DATABASICS' commitment to HIPAA compliance is reinforced by our dedicated Privacy and Security Officers, strong safeguards, risk assessments, business associate compliance, thorough documentation, and responsive breach notification processes. Our SOC 1 Type II and SOC 2 Type II audits and PCI Level 1 compliance further demonstrate our unwavering commitment to protecting the privacy and security of our customers' health information. We are confident in our ability to meet the highest compliance standards and safeguard sensitive health data in accordance with HIPAA.

2025 DATABASICS, Inc