Healthie Security and Privacy
Healthie is HIPAA, PIPEDA, AUS Privacy Act, and GDPR Compliant (System protects personal health information)
We follow medical-grade security and privacy protections to secure data.
Healthie meets the strictest security standards and privacy protections to keep your client data safe.
The Health Insurance Portability and Accountability Act (HIPAA) is a series of US regulations that protects personal health information. Healthie is compliant with the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Breach Notification Rule, the HIPAA Administrative Safeguards, and the HIPAA Physical Safeguards.
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a series of Canadian regulations that protect personal health data. Healthie’s infrastructure protects personal information in compliance with PIPEDA.
AUS Privacy Act
The AUS Privacy Act includes thirteen Australian Privacy Principles that outlines how personal information must be protected, secured, and stored by health care providers and professional entities. Healthie follows the AUS Privacy Act.
Healthie is GDPR-compliant, to be consistent with the EU's updated General Data Protection Regulations.
Business Associate's Agreements (BAA)
Business Associates Agreements are in place with strategic partners and site sessions are encrypted with 512-bit Secure Socket Layer technology. Healthie signs a Business Associate’s Agreement with entities, and access to specific provider and client profiles is highly limited, regulated, and closely monitored. Team members have signed agreements in place accordingly.
Please find details here on Healthie’s HIPAA Compliance:
Healthie HIPAA Compliance Security Overview: Link to document here
Healthie HIPAA Compliance Technical Safeguard: Link to document here
You can view a copy of Healthie's Business Associate's Agreement (BAA) here.
Healthie is PCI Compliant (System protects credit card and bank account information)
Healthie incorporates industry-leading measures to secure the financial information of you and your clients.
What is PCI Compliance?
The Payment Card Industry Data Security Standard, a set of security measures designed to ensure a secure environment for transmitted credit card information. Healthie’s payment processor is certified as PCI Service Provider Level 1, the highest possible level. Healthie tokenizes and encrypts all payment information and payment information is not stored by Healthie, nor accessible to anyone within the organization.
What makes Healthie PCI Compliant?
We partner with Stripe and Microsoft's Azure on PCI compliance:
Stripe's compliance - https://stripe.com/docs/security/stripe
Acutal certification - http://www.visa.com/splisting/searchGrsp.do?companyNameCriteria=stripe
Azure compliance - https://www.microsoft.com/en-us/trustcenter/Compliance/HIPAA
Last updated on April 6, 2019