Through HIPAA (Health Insurance Portability and Accountability) the United States is providing privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals and other health care providers.
HIPAA is an effective compliance at ConveyThis and requires a number of things:
- Security Incidents – ConveyThis will track unauthorized access attempts in an effort to reduce risk and exposure to threats from outside network attacks and malware.
- Access Management – ConveyThis’s requests to/from our servers are made over encrypted https (TLS 1.2/1.1) using only the most secure cipher suites.
- Encryption and Decryption – ConveyThis infrastructure is a multitenant public cloud solution with the ability to segregate data by tenant on their own dedicated instance. All User information is encrypted in the ConveyThis DB.
- Key Management – The key management service we utilize takes advantage of Hardware Security Modules to protect the security of the keys.
- Logging and Audit Controls – HTTPS is the only form of communication allowed to the ConveyThis API. The SSL certificate can (and should) be validated in the client’s web browser. All security incidents are escalated to senior technical staff and when found to be true threats are logged against internal ticketing system for mitigation.
- Monitoring – ConveyThis monitors all servers and network hardware the application is running on. Roles Based Management can be used to restrict access to those users who should not have access to PHI information.
- Additional Security Incidents – Security incidents are communicated to administrators through email/text/phone call and require recognition to close incident or same notifications remains open and hits additional administrators.
At ConveyThis, we are always staying up to date with privacy trends for our customers. ConveyThis’s security framework is based on the ISO 27001 Information Security Standard and includes security mechanisms that cover:
- ConveyThis Personnel Security
- Product Security
- Cloud and Network Infrastructure Security
- Continuous Monitoring and Vulnerability Management
- Physical Security
- Business Continuity and Disaster Recovery
- Third Party Security
- Security Compliance
Security is represented at the highest levels of the company, with our Chief Information Security Officer meeting with executive management regularly to discuss issues and coordinate company wide security initiatives. These policies and standards are available to all of our employees.
Here at ConveyThis there has always been a culture of compliance. We place tremendous importance and value on privacy, especially your privacy. So, we’re letting you know about some of the recent changes that we’ve made regarding our Terms & Conditions and Privacy Policies. These policy updates are in full effect beginning 2/07/2019.
These changes are a result in part of the recent rules set by the European Union’s General Data Protection Regulation (GDPR). We figure that all of our users would benefit from and like to enjoy these rights, so we’re rolling them out globally to everyone.
Here’s an overview of some of these recent updates:
- We have created a global “opt out page”. We don’t want to lose you and we would like to believe that you will really really miss us too. But if you really gotta go – we get it! We will still be here for you if you change your mind.
- We’ve made it a lot easier for you to update your communication preferences.
- We’ve reorganized all of our policies so that they’re easier to find and also easier to read and understand. There is also a lot of new info (some nice light bedside reading material) for you in our help section!
- We’ve provided more clear detail on how we work with all of our partners and other third-party providers to ConveyThis. We also detail how we ensure our partners are compliant across all the regulatory issues you care about.
- We’ve incorporated requisite privacy and security controls across the entire ConveyThis platform to ensure compliance and your peace of mind!
ConveyThis data centers are strategically located in the US and Canada to ensure compliance with regional data sovereignty requirements.
If you have additional questions about HIPAA, Privacy or GDPR compliance at ConveyThis please contact us directly at compliance@ConveyThis.com
Thanks so much for choosing ConveyThis!