This HIPAA compliance statement describes our protected health information (PHI) protection policies, procedures, controls and measures to ensure maximum and ongoing compliance.
The United States’ Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a regulation that applies to hospitals, medical services providers, employer-sponsored health plans, research facilities, and insurance companies that directly deal with patients and their healthcare data. Along with related regulations such as the Health Information Technology for Economic and Clinical Health Act (HITECH), HIPAA aims to protect the security and privacy of the protected health information (PHI) of U.S. citizens.
The HIPAA Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The HIPAA Security Rule, or Security Standards for the Protection of Electronic Protected Health Information, establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI).
PHI comprises personally identifiable health-related data, including insurance and billing information, data on diagnosis and clinical care, as well as lab test results and scans. The HIPAA rules also cover businesses that are associated with (or are vendors to) the healthcare organizations covered under the regulation.
HIPAA and its related regulations require several administrative, physical, and technical measures to ensure the confidentiality, integrity, and availability of electronic protected health information.
ShieldSquare does not collect ePHI by design and does not require access to personal data streams for bot detection purposes. ShieldSquare has taken steps to ensure that we are HIPAA compliant, as our partners and customers in the healthcare industry may store, process, and transmit such data due to the nature of their business.
We are also GDPR compliant, and all our technical, operational, and administrative systems comply with the ‘Privacy by design’ and ‘Privacy by default’ standards required by the GDPR. HIPAA compliance provides an additional layer of security in handling any personal healthcare data that may pass through our infrastructure.
To comply with HIPAA, ShieldSquare has:
- Conducted a thorough Risk Assessment
- Developed and deployed the Information System Activity review process
- Implemented a Risk Management program
- Implemented policies and procedures for authorizing access, including log-in monitoring and password management
- Implemented protection from malicious software
- Conducted relevant training for our employees
- Developed and implemented procedures to respond to and report security incidents
- Developed a contingency planning policy, and data backup and disaster recovery plans
- Determined the activities that will be tracked or audited
- Deployed tools for auditing and system activity reviews
- Determined authentication applicability to current systems and applications
- Conducted an analysis of existing physical security vulnerabilities
- Identified all methods of physical access to workstations
We are committed to ensuring the security and protection of the protected health information that we process, and to providing a compliant and consistent approach to the protection of such data. We have a stringent data protection program in place which complies with existing law and abides by data protection principles. Our compliance program has been updated and broadened to ensure that we are also HIPAA-compliant.