
Tidepool complies with all HIPAA security, privacy, and breach notification rules.

All employees and independent contractors are required to review HIPAA training materials and to undergo an annual HIPAA security audit of all computers and mobile devices that access Tidepool's servers.

Tidepool’s HIPAA security audit checklist is publicly available for review.

Each Tidepool user is audited for and attests to the following, at minimum:

  • HIPAA Policy Awareness and Training

  • HIPAA Privacy and Confidentiality Training

  • Security Best Practices and Processes

  • Password/passcode use, strength and composition

  • Implementation of two-factor/multi-factor authentication for all services that support it

  • Certification of HIPAA-compliant data storage; no external cloud storage to be used

  • Screen locking policy

  • Engineers/Admins: additional security controls applied to admin accounts and to accounts that can commit source code

  • Data protection: hard drive encryption implemented for all internal and external storage (external storage must be approved)

  • HIPAA-compliant device configuration for all mobile devices as above (enforced encryption, screen lock, wiping, password complexity)

  • Remote tracking and wipe of all capable devices

  • Firewall enabled

  • Backup devices or services fully encrypted

See System architecture for a detailed look at HIPAA-compliant services used.
