HIPAA


We take security seriously

The privacy and security of your information are incredibly important to us. In the US, protected health information (PHI) that falls under the Health Insurance Portability and Accountability Act (HIPAA) rules, set by the government, must be protected in accordance with HIPAA.

When we started configuring servers and databases for RingMD, we spent lots of time and energy learning about HIPAA and creating security and access controls that map to specific HIPAA rules. We built RingMD with your privacy and security in mind.

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 extended the HIPAA security rule, requiring that organizations implement policies and procedures to prevent, detect, contain, and correct security violations. To address these regulations, RingMD is hosted on secure servers specifically configured and mapped to HIPAA and HITECH.

Using RingMD comes with the following health-grade features:

HIPAA 164.312(B) - IMPLEMENT HARDWARE, SOFTWARE, AND/OR PROCEDURAL MECHANISMS THAT RECORD AND EXAMINE ACTIVITY IN INFORMATION SYSTEMS THAT CONTAIN OR USE ELECTRONIC PROTECTED HEALTH INFORMATION.

Full Audit, Access History, and Device Access Logs for all records in the system, including:

  • organization creation / deletion
  • user creation / deletion / update
  • application creation / deletion / update
  • user login
  • user logout
  • user access data
  • user change data
  • admin login
  • admin view data
  • admin change data
  • data storage creation / deletion / update

HIPAA 164.312(A)(1) - IMPLEMENT TECHNICAL POLICIES AND PROCEDURES FOR ELECTRONIC INFORMATION SYSTEMS THAT MAINTAIN ELECTRONIC PROTECTED HEALTH INFORMATION TO ALLOW ACCESS ONLY TO THOSE PERSONS OR SOFTWARE PROGRAMS THAT HAVE BEEN GRANTED ACCESS RIGHTS AS SPECIFIED IN §164.308(A)(4).

  • Provide multi-factor / level access controls and account validation.
  • Mobile Phone Number / Voice Call
  • SMS / Text Message Validation

HIPAA 164.312(C)(1) - IMPLEMENT POLICIES AND PROCEDURES TO PROTECT ELECTRONIC PROTECTED HEALTH INFORMATION FROM IMPROPER ALTERATION OR DESTRUCTION.

Logging information is securely replicated and stored in multiple geo-redundant locations.

HIPAA 164.310(A)(2)(II) - IMPLEMENT POLICIES AND PROCEDURES TO SAFEGUARD THE FACILITY AND THE EQUIPMENT THEREIN FROM UNAUTHORIZED PHYSICAL ACCESS, TAMPERING, AND THEFT.

Strictly enforced security incident reporting process.

HIPAA 164.310(A)(1) - IMPLEMENT POLICIES AND PROCEDURES TO LIMIT PHYSICAL ACCESS TO ITS ELECTRONIC INFORMATION SYSTEMS AND THE FACILITY OR FACILITIES IN WHICH THEY ARE HOUSED, WHILE ENSURING THAT PROPERLY AUTHORIZED ACCESS IS ALLOWED.

SAS 70 physical security for all cloud hardware. Hardware is highly available (99.9+% uptime).

HIPAA 164.312(A)(2)(IV) - IMPLEMENT A MECHANISM TO ENCRYPT AND DECRYPT ELECTRONIC PROTECTED HEALTH INFORMATION.

  • Any data containing PHI is encrypted at rest.
  • Developers maintain full control over their cryptographic keys.
  • All data in transit between apps, people, and RingMD is protected using SSL encryption that supports or exceeds industry standards.