As we work to cement our place as a leader in the digital health revolution, we recognize the need to go above and beyond industry-standard security and privacy practices. This includes our full compliance with HIPAA/HITECH.
Strap has instituted safeguards, policies, and procedures to protect patients’ health information, in compliance with the final rule issued by the United States Department of Health and Human Services regarding the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).
These policies include:
- Ongoing assessments of risks to the confidentiality, integrity, and availability of patient data.
- Implementation of policies and procedures that dictate acceptable work practices and map directly to the HIPAA Security Rule’s Administrative, Physical, and Technical Safeguards.
- Implementation of procedural and technical safeguards to prevent Strap employees from improperly accessing PHI.
- Designation of a Chief Security Officer responsible for information system monitoring and information security policy oversight.
- Mandatory HIPAA privacy and security training for all workforce members.
- Encryption of patient data at rest and in transit according to industry-best security standards.
- Implementation of audit trail and record retention capabilities.
- Execution of Business Associate Agreements with customers, vendors, and subcontractors, where appropriate.
- Regular reassessment of all policies and procedures to ensure that HIPAA/HITECH rules continue to be addressed.