HIPAA COMPLIANCE/SECURITY

 

The Easy-to-Use Secure Messaging App for Care Team Collaboration

HIPAA compliance is more than encryption. HipaaBridge offers a holistic, multi-layered approach to secure, private and regulated communication in compliance with HIPAA regulations and rules. The leading secure messaging application safeguards and protects all communications at all times to enable healthcare professionals to comply with the strictest privacy and regulatory safeguards. HipaaBridge was designed from the ground up to use the most powerful available industry-standard authentication and encryption algorithms to secure and protect all communications end to end.

 

Everbridge HipaaBridge is an application for iOS and PC platforms that enables users to participate in video calls and secure messaging from enterprise and personally owned Apple iPhones, iPads, iPod Touches and PCs using standard WiFi, broadband internet and cellular connections. Doctors, nurses, and patients are going to text and use FaceTime or Skype because it’s easy and effective. But those are not HIPAA-compliant. Everbridge HipaaBridge works the same way, while enabling you to be HIPAA-compliant for healthcare.

 

Identification and Authentication

 

Ensuring that only authorized users and administrators are able to gain access to user accounts and the system administrator’s portal is fundamental to securing the system.

 

Business Continuity

 

Everbridge HipaaBridge’s server architecture has been designed from the ground up to leverage the scalability of the cloud to rapidly add capacity. It is geo-distributed to avoid regional conditions which might otherwise cause an interruption in service. Physically, all servers are hosted in data centers certified for: HIPAA, SOC 1 Type II/SSAE 16/ISAE 3402 (previously SAS 70 Type II), SOC 2 Type II, and more.

 

Protection of Data at Rest and in Transit

 

Everbridge HipaaBridge uses RSA 2048 public/private key encryption while leveraging an encryption key exchange mechanism. No shared keys are used in our message payloads, even in a group messaging scenario. Once encrypted, messages are passed over a secure TLS channel. Moreover, the phone’s database is AES256 encrypted to thwart hacking attempts and jailbreaks. Our architecture ensures that messages are decrypted only on the client, by the intended recipient. Neither our server nor our employees hold decryption keys and thus can never decrypt messages.

 

Ongoing Vigilance, Risk Analysis and Management

 

The HIPAA Security Rule requires “covered entities to implement basic safeguards to protect electronic protected health information from unauthorized access, alteration, deletion, and transmission.” Moreover, it calls for continual assessment of risks to electronic health information by constantly monitoring the effectiveness of safeguards, risk analysis and management. Should any vulnerability be identified, it must be rapidly addressed and secured. Covered Entities and their Business Associates can be assured the system enables HIPAA and HITECH compliance.

 

HIPAA Business Associate Agreement

 

Although Everbridge does not hold the decryption keys to access any information, health or otherwise, that its customers may observe, transmit, or receive, the final HIPAA omnibus rule effective September 2013 may be interpreted such that communications service providers are considered a Business Associate. As a leading healthcare IT company focused on HIPAA-compliant communications, Everbridge has elected to sign a HIPAA Business Associate Agreement (BAA) with customers.

 

Archiving, Data Retention, Auditing, Monitoring

 

Customers set their own message archiving and data retention policies, from as little as 1 second up to 7 years. Communications may be audit-logged and monitored to measure usage of the system and provide our enterprise customers analytics and record keeping. Although no messages or communications are ever viewable by anyone except the intended recipient, usage data, logging and monitoring are a key component of enabling HIPAA compliance.

 

Security Architecture and HIPAA-Compliance

 

We have a technical security and HIPAA compliance whitepaper available. It details our security architecture and demonstrates how we map to all HIPAA technical, administrative and physical safeguards. Just tell us who you are and we’ll send it to you.

 

 

 

WE’RE HERE TO HELP!

 

Contact us for sales, questions about meaningful use, open APIs and EHR integration, or for support questions.

Call Everbridge +1-818-230-9760