Standards and Quality
Digital Scientists has comprehensive safeguards in place to ensure compliance with the HIPAA Security Rule, including administrative, physical, and technical measures. The administrative safeguards involve conducting risk analyses, implementing risk management strategies, establishing a sanction policy, and performing regular information system activity reviews.
Security Responsibilities & Procedures
Workforce Security
- Authorize and supervise ePHI access
- Conduct clearance procedures
- Manage terminations to prevent unauthorized access
Physical Safeguards
- Facility access controls and security plan
- Maintenance records for facility security components
- Contingency operations
Workstation Use and Security, Device and Media Controls
- Secure disposal and reuse of media
- Accountability measures
- Data backup protocols
Technical Safeguards
- Unique user identification and emergency access
- Automatic logoff and encryption
- Audit controls and transmission security
HIPAA Privacy Rule Adherence
PHI Use and Disclosure
- Permitted without patient authorization only for treatment, payment, and healthcare operations
- Required disclosures to individuals and HHS
“Minimum Necessary” Standard
- Limit PHI use and disclosure to the least amount needed, except in specific situations
Additional Protections
- Respect restrictions agreed upon with individuals
- Ensure obligations for business associates handling PHI
Special Considerations
- Protect PHI of deceased individuals
- Follow the specific rules for disclosures concerning victims of abuse, neglect, or domestic violence
- Support confidential communications and consistent PHI use/disclosure policies
Data Standards
The practices below reflect our readiness to meet HIPAA compliance requirements and our commitment to protecting PHI throughout the software development lifecycle.
Access Controls
We provide role-based access control (RBAC) and strong authentication mechanisms to ensure only authorized users can access protected health information (PHI).
Data Encryption
We encrypt PHI both at rest and in transit using industry-standard encryption algorithms and key management practices.
Audit Logging
We offer comprehensive audit logging capabilities to track user access to PHI, including login attempts, data modifications, and security incidents.
Data Integrity
We ensure the integrity of PHI with robust data validation and integrity checks to prevent tampering and maintain data accuracy.
Secure Software Development Lifecycle (SDLC)
We incorporate security into every phase of the software development lifecycle, including secure coding practices, security reviews, and vulnerability assessments.
Risk Management
We conduct regular risk assessments to identify and mitigate potential security risks and vulnerabilities in software products handling PHI.
Business Associate Agreements (BAAs)
We provide Business Associate Agreements (BAAs) outlining responsibilities and obligations regarding PHI protection for covered entities using our software.
Incident Response and Breach Notification
We offer incident response capabilities to handle security incidents and data breaches promptly, including timely notification to affected covered entities and individuals as required by the HIPAA Breach Notification Rule.
Employee Training and Awareness
We offer training and awareness programs to educate employees handling PHI on security policies, procedures, and best practices to ensure compliance.
Documentation and Compliance Records
We maintain comprehensive documentation of software development processes, security controls, risk assessments, audits, and compliance efforts to demonstrate adherence to HIPAA requirements.