HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) establishes standards to protect sensitive patient health information (PHI) from being disclosed without the patient's consent or knowledge. Expertflow takes the following measures for HIPAA Technical Safeguards.
HIPAA Technical Safeguards | Compliance | Expertflow CX Compliance |
|---|---|---|
Access Control. A regulated entity must implement technical policies and procedures for its electronic information systems that maintain ePHI to allow only authorized persons to access ePHI. | COMPLIANT |
|
Authentication. A regulated entity must implement procedures to verify that a person seeking access to ePHI is who they say they are. | COMPLIANT | All agents must authenticate themselves to use Expertflow CX, also as an added layer of security Two-factor authentication can be used as a second form of verification. For more details see Identity and Access Management. |
Transmission Security. A regulated entity must implement technical security measures to guard against unauthorized access to ePHI that is being transmitted over an electronic network. | COMPLIANT | Expertflow CX uses TLS for secure communication. See Data Encryption for details. |
Audit Controls. A regulated entity must implement hardware, software, and/or procedural mechanisms to record and examine activity in information systems that contain or use ePHI. A regulated entity must implement policies and procedures to ensure that ePHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that ePHI has not been improperly altered or destroyed. | NON-COMPLIANT | A centralized Audit-logging is on the roadmap for 2025. |
Roadmap for HIPAA Compliance
The following is the list of features related to HIPAA compliance that are on our roadmap.
Please enter an Aha! link and then click
above to see a preview