HIPAA Security Measures that Sogolytics Employs
As required by HIPAA, we implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic PHI that we receive, maintain, and transmit on behalf of covered entities with respect to their HIPAA-enabled accounts. These safeguards include measures required by the Security Rule, such as:
- Regular risk assessments of systems to ensure that safeguards remain relevant and effective
- Assigned security team that is responsible for maintaining compliance with HIPAA’s security requirements
- Screening, authorization, and training of Sogolytics staff who come into contact with customer PHI
- Data backup plans
- Disaster recovery plans
- Systems regularly monitored, updated, and patched
- Incident response plan that includes reporting of security incidents to affected covered entities
- All communications with Sogolytics servers encrypted with SSL
For more information, see our Data & Security.
When you enable HIPAA-compliant features, the following features required by HIPAA are activated on your account. These features help covered entities to comply with their own HIPAA obligations:
- Security reminders: We remind users of their HIPAA obligations with in-product messages that appear whenever they perform certain sensitive operations on PHI (such as exporting survey data that could potentially be shared with third parties).
- Automatic logout: We time out user sessions after 60 minutes of inactivity.
- Login: We log account access activity and a variety of events relating to HIPAA-enabled accounts by timestamp, IP address, and event type. You can access these logs within your account.
This feature is available only in our Enterprise plan. Contact us to take advantage of this option.