
HIPAA Compliance Statement

Introduction

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) applies to “covered entities” and “business associates.” Covered entities include healthcare providers engaged in certain electronic transactions, health plans, and health care clearinghouses. Business associates are entities that provide services to a covered entity that involve access by the business associate to Protected Health Information (PHI), as well as entities that create, receive, maintain, or transmit PHI on behalf of another business associate. HIPAA was expanded in 2009 by the Health Information Technology for Economic and Clinical Health (HITECH) Act. HIPAA and HITECH establish a set of federal standards intended to protect the security and privacy of PHI. HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities. For additional information on HIPAA and HITECH, visit http://www.hhs.gov/ocr/privacy/.

 

Our Commitment

Trustifi (‘we’ or ‘us’ or ‘our’) is committed to ensuring the security and protection of the personal information and PHI that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of HIPAA.

 

Security Information

Trustifi has patented an affordable email security solution that encrypts, tracks, and postmarks all your electronic communication in just one click. Trustifi’s advanced technology uses military-grade encryption to give you the peace of mind you need to concentrate on what’s truly important. Trustifi announced today that it has voluntarily attained HIPAA compliance. Attaining HIPAA compliance will enable Trustifi to operate as a HIPAA Business Associate when contracting with HIPAA-covered entities.

Trustifi uses Heroku and AWS services as its HIPAA-compliant cloud platform. As such, these cloud services platforms provide industry-recognized certifications and audits such as ISO 27001, FedRAMP, and the Service Organization Control Reports (SOC1, SOC2, and SOC3).

 

Encryption And Protection Of PHI In Trustifi

The HIPAA Security Rule includes addressable implementation specifications for the encryption of PHI in transmission (“in-transit”) and in storage (“at-rest”). Trustifi encrypts all email data and metadata in accordance with guidance from the Secretary of Health and Human Services (HHS). All Trustifi network traffic, whether it contains PHI or not, is encrypted using industry-standard transport encryption (TLS). Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS 1.1 and TLS 1.2 protocols ensure that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL). SSLv2, SSLv3, and TLS 1.0 are no longer considered secure protocols and thus are not used or supported by Trustifi. At rest, the data is encrypted via AES-256.

Trustifi has implemented technology, security policies, and other measures to protect the personal data of its customers from unauthorized access, improper use, alteration, unlawful or accidental destruction, and accidental loss. Trustifi also requires all its employees and others who have access to or are associated with the processing of your data to respect your confidentiality.

 

Auditing, Backups, And Disaster Recovery

HIPAA security regulations also require thorough auditing, data backup procedures, and mechanisms for disaster recovery. This section describes how Trustifi deals with these requirements.

Trustifi has set up auditing capabilities, in line with HIPAA and HITECH requirements, that let security analysts examine detailed activity logs or reports covering access, IP addresses, data accessed, etc. For audit purposes, this data is tracked, logged, and stored in a central location for long periods of time.

According to HIPAA, covered entities must have an emergency contingency plan to protect data and must create and maintain accurate copies of electronic PHI. To implement a data backup plan, Trustifi uses persistent storage for its server instances. These volumes offer off-instance storage that persists independently from the life of a server instance.

To align with HIPAA guidelines, Trustifi creates point-in-time snapshots of its volumes that are automatically replicated across multiple Availability Zones, which are distinct locations engineered to be insulated from failures in other Availability Zones. These snapshots can be accessed at any time and can protect data for long-term durability. Trustifi also provides a highly available solution for data storage and automated backups. Multiple redundant copies of Trustifi backups are automatically created and stored in separate data centers. These snapshots and backups can be accessed at any time, from anywhere (based on permissions), and are stored until intentionally deleted.

Disaster recovery, which protects an organization’s data and IT infrastructure in a disaster, is typically one of the costliest requirements of HIPAA. It includes maintaining, and ensuring continuous access to, highly available systems that keep both the data and the system replicated off-site. Trustifi has a variety of mechanisms for disaster recovery.

Trustifi replicates and automatically stores customer data in the data centers to ensure reliable data storage that provides 99.99 percent accessibility.

 

How to contact us


If you have any general questions about the Services or the information that we collect about you and how we use it, please contact us at support@trustificorp.com

Trustifi LLC,
6543 S Las Vegas Blvd,
Las Vegas, NV 89119.

Call us: 877-404-8525