Tidepool complies with all HIPAA security, privacy, and breach notification rules.

All employees and independent contractors are required to review HIPAA training materials and to undergo a HIPAA security audit for all computers and mobile devices that access Tidepool's servers on an annual basis.

Tidepool’s HIPAA security audit checklist is publicly available for review.

Each Tidepool user is audited for and attests to the following, at minimum:

  • HIPAA Policy Awareness and Training

  • HIPAA Privacy and Confidentiality Training

  • Security Best Practices and Processes

  • Password/passcode use, strength and composition

  • Implementation of 2-factor/multi-factor authentication for all capable services

  • Certification of HIPAA-compliant data storage; no external cloud storage to be used

  • Screen locking policy

  • Engineers/Admins - additional security controls applied to admin accounts and those that can commit source code

  • Data protection - hard drive encryption implemented for all internal and external storage (which must be approved)

  • HIPAA-compliant device configuration for all mobile devices as above (enforced encryption, screen lock, wiping, password complexity)

    • Tidepool uses Jamf for Mobile Device Management (MDM)

  • Remote tracking and wipe of all capable devices

  • Firewall enabled

  • Backup devices or services fully encrypted

See System architecture for a detailed look at HIPAA-compliant services used.
