Healthie Security and Privacy
Healthie is HIPAA, PIPEDA, FERPA, PCI, AUS Privacy Act, CCPA, and GDPR Compliant
Healthie has also supported customers by completing (and passing) rigorous security & vendor assessments. We conduct regular external Gap and security assessments, as well as an annual third-party penetration test. If you are interested in our support in this process, or have any questions about Healthie's Security & Privacy, please Contact Us.
IN THIS ARTICLE:
HIPAA Compliance & Business Associate's Agreement (BAA)
- The Health Insurance Portability and Accountability Act (HIPAA) is a series of US regulations that protects personal health information. Healthie is compliant with the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Breach Notification Rule, the HIPAA Administrative Safeguards, and the HIPAA Physical Safeguards.
Business Associates Agreements are in place with strategic partners and site sessions are encrypted with 512-bit Secure Socket Layer technology. Healthie signs a Business Associate’s Agreement with entities, and access to specific provider and client profiles is highly limited, regulated, and closely monitored. Team members have signed agreements in place accordingly.
Please find details here on Healthie’s HIPAA Compliance:
- Healthie HIPAA Compliance Security Overview: Link to document here
- Healthie HIPAA Compliance Technical Safeguard: Link to document here
You can view a copy of Healthie's Business Associate's Agreement (BAA) here.
- The Personal Information Protection and Electronic Documents Act (PIPEDA) is a series of Canadian regulations that protect personal health data. Healthie’s infrastructure protects personal information in compliance with PIPEDA.
Healthie works with dozens of Universities to provide software for campus wellness, sports nutrition, clinical services, and other University needs.
Healthie is FERPA Compliant, and upon request via e-mail to firstname.lastname@example.org, can share details with your Organization.
AUS Privacy Act
- The AUS Privacy Act includes thirteen Australian Privacy Principles that outlines how personal information must be protected, secured, and stored by health care providers and professional entities. Healthie follows the AUS Privacy Act.
- Healthie is CCPA compliant, to be consistent with California's Consumer Privacy Act which outlines how companies must protect consumer information
- Healthie is GDPR-compliant, to be consistent with the EU's updated General Data Protection Regulations.
Healthie is PCI Compliant
What is PCI Compliance?
The Payment Card Industry Data Security Standard, a set of security measures designed to ensure a secure environment for transmitted credit card information. Healthie’s payment processor is certified as PCI Service Provider Level 1, the highest possible level. Healthie tokenizes and encrypts all payment information and payment information is not stored by Healthie, nor accessible to anyone within the organization.
What makes Healthie PCI Compliant?
We partner with Stripe and Microsoft's Azure on PCI compliance:
- Stripe's compliance - https://stripe.com/docs/security/stripe
- Acutal certification - http://www.visa.com/splisting/searchGrsp.do?companyNameCriteria=stripe
Azure compliance - https://www.microsoft.com/en-us/trustcenter/Compliance/HIPAA
Healthie integrates with HIPAA-compliant Zoom
The HIPAA-compliant level of Zoom is available via Healthie, which is the most secure version of Zoom available. HIPAA-compliant Zoom is used by hospitals, medical facilities, and clinics all over the world for end-to-end 256-bit AES encrypted and secure video and audio calls. This offers an added layer of protection over direct-to-consumer version of Zoom available to the public. Healthie has a Business Associate's Agreement signed with Zoom, which outlines how client information is protected and fully encrypted.
Healthie also offers a built-in WebRTC solution for video chat that does not utilize Zoom. Providers can alternatively choose to utilize Zoom or our built in telehealth software, when they go to schedule a call.
Healthie Back Up Procedures
Information held in Healthie is secured and backed up regularly on our servers; we partner with AWS, Aptible, and Microsoft Azure to ensure that data is encrypted and prevent data loss. We keep full audit trails of information if ever needed. If you would like an export of your information for personal records, please e-mail email@example.com
Healthie leverages Aptible to meet SOC 2 Guidelines. A Report can be made available to you upon request to firstname.lastname@example.org