HIPAA Compliance
At Insider, we take the privacy and security of your sensitive information seriously. As part of our commitment to safeguarding your data, we adhere to the Health Insurance Portability and Accountability Act (HIPAA) and have implemented comprehensive measures to ensure compliance.
Our Commitment to HIPAA Compliance
1. Administrative Safeguards:
- We have established and maintained policies and procedures to manage the selection, development, implementation, and maintenance of security measures.
- Our security and legal teams oversee HIPAA compliance, conduct regular risk assessments, and ensure ongoing employee training on privacy and security practices.
2. Physical Safeguards:
- Insider services and data are hosted in Amazon Web Services (AWS) facilities (eu-west-1) in Ireland. Access to data centers is strictly limited to authorized personnel with verified biometric identity. AWS data centers are physically protected by security guards, video monitoring, and other on-premises security measures.
- We employ safeguards to protect against environmental hazards or unauthorized intrusion.
3. Technical Safeguards:
- State-of-the-art encryption protocols are utilized to protect electronic health information during transmission and storage.
- Regularly updated firewalls, anti-virus software, and access controls are in place to secure our information systems.
4. Organizational Requirements:
- All employees undergo thorough background checks and sign confidentiality agreements.
- We have designated Information Security, Risk, and Compliance Teams responsible for overseeing policies, conducting audits, and responding to any incidents.
Business Associate Agreement (BAA)
To further demonstrate our commitment to protecting your data, Insider is pleased to offer a Business Associate Agreement (BAA) upon request. This agreement outlines the responsibilities and safeguards in place when handling your protected health information (PHI).
Our BAA includes, but is not limited to:
- Clearly defined roles and responsibilities for both parties.
- Safeguards to prevent the unauthorized use or disclosure of PHI.
- Procedures for reporting and responding to security incidents.
- Measures for ensuring the confidentiality, integrity, and availability of PHI.
- Obligations for the return or destruction of PHI at the end of the business relationship.
Requesting a Business Associate Agreement
If you require a Business Associate Agreement or have any questions regarding our HIPAA compliance practices, please contact privacy@useinsider.com.
Insider is dedicated to maintaining the highest standards of privacy and security, and we appreciate the trust you place in us. We are committed to evolving our practices to meet the ever-changing landscape of healthcare information security.