For organizations in the healthcare space, the United States Health Insurance Portability and Accountability Act (HIPAA) can be a daunting hurdle, especially when it comes to data collection. From securely gathering Protected Health Information (PHI) to sending and storing files, understanding how your data is secured is important to maintaining the utmost confidence in your data collection system.
At FormAssembly, we are committed to helping our clients meet their organizational objectives, which often means evolving, growing, and innovating our services and solutions to better meet customer needs.
Our evolving Compliance Cloud offering gives customers key data security options to ensure their data is collected, stored, and transmitted in a compliant manner without jeopardizing the Confidentiality, Integrity, and Availability (also known as the CIA Triad) of data. So, what does this mean for your organization? Here are 6 ways using FormAssembly’s Compliance Cloud plan will help ensure that your PHI or sensitive data is secure and available.
Through not only claiming but proving compliance
We are proud to say that after several years of process and operational development, we maintain our HIPAA compliance. In order to achieve continuous compliance we must undergo ongoing GAP and Risk assessments, and continually follow industry best practices, such as NIST, ISO, PCI, and HITECH requirements and guidelines. Additionally, we are audited by an independent data security firm, Crimson Security Inc., in our Compliance Cloud environment not only yearly, but continually throughout the year. Beyond technological upgrades and structural security improvements, HIPAA compliance requires stringent operational protocols to ensure that your data is kept secure. These operational protocols include critical security checkpoints and measures, such as background checks, complete data control and delegation restrictions, encryption best practices, a robust patch management process, internal and external penetration tests, and a detailed SDLC process.
At FormAssembly, we have implemented these and other operational protocols to ensure that your data is collected and held in the most secure manner possible without compromising Confidentiality, Integrity, and Availability.
By using state-of-the-art encryption best practices
Data collected with FormAssembly plans is encrypted in transit and at rest. Encryption keys are vital to the protection of transactions and stored data. Key management is deployed at a level that is commensurate with the critical function that those keys serve. In order to protect against disclosure and misuse, access to encryption keys is restricted and dual-controlled. All data that is flagged as sensitive is encrypted using private keys generated specifically for the associated user. This data is also stored on an encrypted disk, which further protects the physical disk in the event of an emergency. These encryption best practices ensure your data is secured at rest without being altered or disclosed
By providing customizable and flexible password protection
HIPAA compliance is accompanied by a number of systems and processes that require stringent operational protections and precautions. Our Compliance Cloud offers completely customizable control over password administration, requirements, and restrictions. We adhere to PCI DSS Level 1 password requirements on all FormAssembly plans, and HIPAA password requirements for our Compliance Cloud plan.
Also, keeping with the promise of HIPAA compliant security, our Compliance Cloud allows customers to access secure mechanisms for data transmission. All data in motion is encrypted using HTTPS TLS 1.2. This allows enterprises the ability to collect and store PHI or other sensitive data via a controlled and compliant environment without worry.
By offering secure storage options
Our Compliance Cloud is structured using secure servers, allowing organizations with an increased security need access to the processes and procedures that they require, without investing exorbitant amounts of time and money on creating new systems internally. We offer data residency in North America, Europe, and Asia-Pacific.
Customer data is part of a shared infrastructure, but each client has their own logically separate application server and their own separate database. This ensures customer data is not commingled. Since the protection of your data is so important to us, we have made it so the FormAssembly support team only has access to instances for operational purposes e.g., back-ups and support. The support team does not have access to any customer data unless the administrator of the account in question grants them temporary access.
By offering first-class priority
As a Compliance Cloud customer, you can rest assured that we will treat your account, data, and interactions with the utmost priority and commitment. From first-response attention in the event of a disaster to quality assurance and backup protocols during day-to-day interactions, we are committed to offering you the highest quality service without compromise. Compliance Cloud customers will receive priority support, which includes one-hour initial response times 24/5, with email and chat communication available.
By partnering with Amazon Web Services
The FormAssembly environment is hosted at SOC 3, type II audited data centers operated by Amazon Web Services. Every datacenter contains high-end security, including surveillance, biometric access controls, 24-7 staffing, visitor logs, and environmental controls. All physical access to servers is restricted to authorized personnel only.
AWS gives FormAssembly ownership and control over your content through simple, powerful tools that allow us to determine where your content will be stored, how it will be secured, and how your data is handled during transit and at rest.
Navigating the waters of HIPAA compliance is not always easy, but using FormAssembly for data collection can help streamline your processes and increase your productivity.