The Health Insurance Portability and Accountability Act of 1996 (HIPAA) applies to "covered entities" and "business associates." Covered entities include health care providers engaged in certain electronic transactions, health plans, and health care clearinghouses. Business associates are entities that provide services to a covered entity that involve access by the business associate to Protected Health Information (PHI), as well as entities that create, receive, maintain, or transmit PHI on behalf of another business associate. HIPAA was expanded in 2009 by the Health Information Technology for Economic and Clinical Health (HITECH) Act. HIPAA and HITECH establish a set of federal standards intended to protect the security and privacy of PHI. HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities.
For additional information on HIPAA and HITECH, visit http://www.hhs.gov/ocr/privacy.
Scholar’s App uses Google Cloud Platform (GCP) and Firebase to continually expand its coverage of the most important global standards. As such, Scholar’s App relies on industry-recognized certifications and audits such as ISO 27001 and the SOC 1, SOC 2, and SOC 3 evaluation processes.
Encryption and protection of PHI in Scholar’s App
All Scholar’s App network traffic, whether it contains PHI or not, is encrypted using industry-standard transport encryption (TLS). Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, the TLS 1.2 and 1.3 protocols ensure that no third party can eavesdrop on or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL). SSLv2, SSLv3, TLS 1.0, and TLS 1.1 are no longer considered secure protocols and thus are neither used nor supported by Scholar’s App.
Scholar’s App’s technical implementation includes full access controls to make sure that only authorized individuals are able to access PHI-related information, and those individuals are trained on the requirements of HIPAA. We follow cybersecurity best practices such as setting strong passwords, limiting administrative privileges, and regularly scanning for malware.
Auditing, backups, and disaster recovery
To be consistent with HIPAA and HITECH requirements, Scholar’s App has put auditing capabilities in place that allow security analysts to examine detailed activity logs or reports showing who accessed the system, from which IP address, what data was accessed, and so on. This data is tracked, logged, and stored in a central location for extended periods of time.
Under HIPAA, covered entities must have a contingency plan to protect data in case of an emergency and must create and maintain retrievable exact copies of electronic PHI. To implement a data backup plan, Scholar’s App uses persistent storage for its server instances. These volumes offer off-instance storage that persists independently of the life of a server instance. To align with HIPAA guidelines, Scholar’s App creates point-in-time snapshots of its volumes that are automatically replicated. These snapshots can be accessed at any time and protect data for long-term durability. Scholar’s App implements a variety of disaster recovery mechanisms.
Scholar’s App administrators can start server instances very quickly and can use an Elastic IP address (a static IP address for the cloud computing environment) for graceful failover from one machine to another.
How can you contact us about this policy?
If you have any questions or comments about this policy, you may contact our technical support by email at firstname.lastname@example.org.