Standards and Quality

Digital Scientists has comprehensive safeguards in place to ensure compliance with the HIPAA Security Rule, including administrative, physical, and technical measures. The administrative safeguards involve conducting risk analyses, implementing risk management strategies, establishing a sanction policy, and performing regular information system activity reviews.

Security Responsibilities & Procedures

Workforce Security

  • Authorize and supervise ePHI access
  • Conduct clearance procedures
  • Manage terminations to prevent unauthorized access

Physical Safeguards

  • Facility access controls and security plan
  • Keep maintenance records
  • Contingency operations

Workstation Use and Security

  • Secure disposal and reuse of media
  • Accountability measures
  • Data backup protocols

Technical Safeguards

  • Unique user identification and emergency access
  • Automatic logoff and encryption
  • Audit controls and transmission security

HIPAA Privacy Rule Adherence

PHI Use and Disclosure

  • Limited to treatment, payment, and healthcare operations
  • Required disclosures to individuals and HHS

“Minimum Necessary” Standard

  • Limit PHI use and disclosure to the least amount needed, except in specific situations

Additional Protections

  • Respect restrictions agreed upon with individuals
  • Ensure obligations for business associates handling PHI

Special Considerations

  • Protect PHI of deceased individuals
  • Adhere to specifications for abuse and neglect
  • Support confidential communications and consistent PHI use/disclosure policies

Data Standards

Our practices highlight our readiness to meet HIPAA compliance standards and showcase our commitment to protecting PHI throughout the software development lifecycle.

Access Controls

We provide role-based access control (RBAC) and strong authentication mechanisms to ensure only authorized users can access protected health information (PHI).

Data Encryption

We implement end-to-end encryption of PHI both at rest and in transit using industry-standard encryption algorithms and key management practices.

Audit Logging

We offer comprehensive audit logging capabilities to track user access to PHI, including login attempts, data modifications, and security incidents.

Data Integrity

We ensure the integrity of PHI with robust data validation and integrity checks to prevent tampering and maintain data accuracy.

Secure Software Development Lifecycle (SDLC)

We incorporate security into every phase of the software development lifecycle, including secure coding practices, security reviews, and vulnerability assessments.

Risk Management

We conduct regular risk assessments to identify and mitigate potential security risks and vulnerabilities in software products handling PHI.

Business Associate Agreements (BAAs)

We provide Business Associate Agreements (BAAs) outlining responsibilities and obligations regarding PHI protection for covered entities using our software.

Incident Response and Breach Notification

We offer incident response capabilities to handle security incidents and data breaches promptly, including timely notification to affected parties as required by HIPAA.

Employee Training and Awareness

We offer training and awareness programs to educate employees handling PHI on security policies, procedures, and best practices to ensure compliance.

Documentation and Compliance

We maintain comprehensive documentation of software development processes, security controls, risk assessments, audits, and compliance efforts to demonstrate adherence to HIPAA requirements.