HIPAA Compliant File Sharing & Document Management

What is the Health Insurance Portability and Accountability Act (HIPAA)?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law requiring health care organizations to develop, implement, and maintain administrative, technical, and physical safeguards to protect the security, integrity, and confidentiality of patient information.

Who has to comply with HIPAA?

Under HIPAA, covered entities include health plans, health care clearinghouses, and health care providers regardless of size who electronically store or transmit any health information in connection with any transactions for which HHS (Department of Health and Human Services) has adopted a standard. [2]

What if you fail to comply with HIPAA regulations?

Under HIPAA, penalties for non-compliance can include fines of up to $50,000 per violation, with fines for officers and directors of up to $250,000 per violation. The provisions include criminal penalties of up to 10 years in prison. [1]

How does SmartVault support your HIPAA compliance efforts?

SmartVault provides privacy and security protections that enable our customers to use our products in compliance with HIPAA. These include:

  • security measures for protecting PHI
  • assessments for reasonable remediation or mitigating controls of addressable HIPAA Security Rules
  • an annual HIPAA Security Attestation, Gap Assessment, and Security Risk Analysis
  • the regular review and retention of HIPAA policies and procedures
  • security awareness content regarding the protection of ePHI, and
  • the designation and role definition of HIPAA Security and Privacy Officers

HIPAA requires: SmartVault offers solutions:

Business Associate Agreements

As a provider of services to healthcare organizations, SmartVault makes available a standardized Business Associate Agreement (BAA) to govern our storage and protection of your client records. This agreement can be obtained from your sales representative for execution by your management/legal team and the compliance officer of SmartVault.

Comprehensive written Information Security Program

SmartVault’s information security program is clearly documented, with supporting policies and procedures for all aspects of safeguarding your information, and it is reviewed on an annual basis to ensure it is still meeting the needs of the changing business landscape.

Risk Assessment and Remediation

On an annual basis, we at SmartVault evaluate not only our own internal processes and controls, but also those of our data center providers.

Administrative Safeguards

As part of the administrative safeguards in place at SmartVault, each and every employee has clearly defined roles and responsibilities for protecting our customers’ data. We provide training on information security to all new hires, and on an annual basis to all employees and contractors.

We also have clearly documented processes and procedures for every aspect of our services and ensure that our staff understand and operate by those procedures.

Technical Safeguards

  • Industry-standard SSL encryption for documents in transit – protecting
    your documents, passwords and interactions with SmartVault from
    eavesdropping
  • Granular access – ability to grant access to specific folders
  • Activity Logs – complete audit history of who accessed and/or modified
    documents stored in SmartVault
  • Document access via authenticated login – files are only accessible to
    users of the service (no anonymous sharing of files)

Physical Safeguards

Physical access to our data centers is strictly controlled. Only those employees and contractors with a demonstrated need are permitted access, and that access is controlled through a series of technical controls such as badge readers on the doors, biometric locks on the data center and physically keyed or combination locks on cabinets and safes.

An ongoing process to determine whether the Security Program is effective

At SmartVault, we are constantly seeking to improve our services, and security is no exception. We continuously gather and analyze new information regarding threats and vulnerabilities, adjusting our security controls to ensure their effectiveness in the face of these changes. We also update our security strategy and our administrative, technical and physical safeguards to ensure we are providing our customers with the most comprehensive protection that we can.

SmartVault Supports Your Compliance Efforts

Keep in mind that HIPAA compliance is a healthcare organization obligation, not a prescriptive specification. So when we say that SmartVault supports a HIPAA-compliant workflow, what we mean is that our service gives you the tools that health care organizations and service providers need in order to work in a HIPAA-compliant fashion.

Footnotes

  1. HIPAA Violations and Enforcement
  2. To Whom Does the Privacy Rule Apply and Whom Will It Affect?
