Tidepool complies with all HIPAA security, privacy, and breach notification rules.
All employees and independent contractors are required to review HIPAA training materials and to undergo a HIPAA security audit for all computers and mobile devices that access Tidepool's servers on an annual basis.
Tidepool’s HIPAA security audit checklist is publicly available for review.
Each Tidepool user is audited for and attests to the following, at minimum:
HIPAA Policy Awareness and Training
HIPAA Privacy and Confidentiality Training
Security Best Practices and Processes
Password/passcode use, strength and composition
Implementation of 2-factor/multi-factor authentication for all capable services
Certification of HIPAA-compliant data storage, no external cloud storage to be used for PHI
Screen locking policy
Engineers/Admins - additional security controls applied to admin accounts and those that can commit source code
Data protection - hard drive encryption implemented for all internal and external storage (which must be approved) personal storage
HIPAA-compliant device configuration for all mobile devices as above (enforced encryption, screen lock, wiping, password complexity)
Remote tracking and wipe of all capable devices
Firewall enabled
Backup devices or services fully encrypted
See System architecture for a detailed look at HIPAA-compliant services used.