HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with health information has to comply with the standard. Jitbit Hosted Helpdesk is compliant with the HIPAA security standards and we have many medical institutions among our customers.
We regularly audit our app to make sure it complies with the HIPAA checklist, for all Technical Safeguards, Physical Safeguards and Administrative Safeguards. Some of the things we do regularly:
Jitbit Helpdesk has multiple settings and features to prevent PHI violations, even by accident.
We'd be happy to sign a BAA with you. We will provide our standard BAA upon request.
We host all our servers on Amazon AWS. We chose them, among other things, for their strict security policies. As you can see on this page, all Amazon servers are HIPAA compliant. We also encrypt all our backups, enforce password policy for all users, use secure encrypted network connections only. We log all destructive actions, we are protected by several firewall and antivirus systems.
We have signed a custom BAA with Amazon to comply with HIPAA, and we can provide this document upon request. Amazon is our only "subcontractor" since we're hosting the servers with their EC2 platform, and storing backups using their S3 service.
If some company claims they have been "HIPAA Certified" - run. They probably lie. HHS has stated several times that there is no HIPAA Certification process and that no organization has authority to certify HIPAA compliance. Therefore, no - we do not have any official certification. But we are undergoing regular audits, for example, PCI-compliance (our latest certificate can be found here).
Please note, that this information is applied to the hosted version only. We cannot guarantee the safety of your data when the app in installed on your server. We do not know which mediums are being used to transfer or store PHI data, or if the IT people are regularly trained and educated.
Yes. First of all - emails. Since the helpdesk software uses email to send out notifications to agents and the end-users, you will have tweak it a little bit. Because email is not a secure way to transfer your data, even if TLS-secured connection is being used on the email-server (it is on our server, by the way).
You have to go to the "Admin - Email settings" and do the following:
Last updated: 3/28/2017 more Hosted Help Desk whitepapers