Stay compliant with HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established standards for the security and privacy of health data, especially individually identifiable information. Healthcare providers and related entities in the United States must abide by these regulations, but the standards are also utilized by many organizations outside the traditional healthcare system and even outside the United States.

What HIPAA protects

Patients have legal rights over their health information, which when digitized is called electronic protected health information (ePHI)

These include three fundamental rights:

  1. The right to authorize disclosure of their health information and records.
  2. The right to request and examine a copy of their health records at any time.
  3. Patients have the right to request corrections to their records as needed.

The technical safeguards included in the HIPAA Security Rule break down into four categories.

Access control: These controls are designed to limit access to ePHI. Only authorized persons may access confidential information.

Audit control: Covered entities must use hardware, software, and procedures to record ePHI. Audit controls also ensure that they are monitoring access and activity in all systems that use ePHI.

Integrity controls: Entities must have procedures in place to make sure that ePHI is not destroyed or altered improperly. These must include electronic measures to confirm compliance.

Transmission security: Covered entities must protect ePHI whenever they transmit or receive it over an electronic network.

How Codeproof helps keep you HIPAA compliant

Disclaimer: This document offers the ways in which Codeproof keeps customers compliant. However, every enterprise should do its own compliance due diligence and assess its mobile security framework to support HIPAA compliance.

  1. Enforce Encryption: Platform enforces strong encryption policies for both iOS and newer versions of Android Devices.
  2. Enforce Password: Codeproof enforces strong password policies for both iOS and Android mobile platforms.
  3. Enable Remote Lock and Wipe: Codeproof platform offers data leakage prevention mechanism such as remote lock and remote data wipe functions to protect mobile devices from a corporate data theft.
  4. Device Tracking: Device location tracking is part of some HIPAA compliance programs. Codeproof allows an administrator to enable or disable location tracking.
  5. Email Attachment Security: Codeproof container management restricts email attachment sharing between workspace container and personal account.
  6. Auto Data-wipe Policy for Lost Devices: Codeproof data-wipe policy erases the lost/stolen device in case of unauthorized brute force attack after a number of failed password attempts.
  7. Mobile OS integrity: Codeproof platform constantly monitors mobile OS integrity and make sure that operating system security is not tempered by rooting or jail-breaking the device.
  8. Prevent unauthorized app usage: Codeproof prevents the use of apps that have not been approved by the customer.