Are you compliant?

compliance

Our product, hcdEX, was developed in response to the growing needs of the healthcare community to have a safe, reliable, and compliant way in which to move data in and out of their applications. In fact, the name hcdEX comes from our core mission and offering: HIPAA Compliant Data Exchange.

Therefore, everything we do is performed with the mantra of “compliance first” and BAA execution by default, as opposed to mass market solutions that treat HIPAA compliance as an afterthought and a BAA as a big payday. As we like to say, your data can’t get from A to B without a BAA!

To live up to our mission, we strictly adhere to the rules outlined in the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 to safeguard and protect the confidentiality of protected health information (PHI) and medical information in general. We offer the following administrative, physical, and technological protections:

  • Data at rest: Encrypted via AES-256 algorithm
  • Data in Transit: Encrypted via AES-256 algorithm before transmission and sent over TLS 1.2
  • Multifactor Authentication: Access to any data, not only protected health information (PHI), requires a public-private key pair and additional credentials and checks beyond a user name and password combination.
  • Network Segmentation: All machines handling HIPAA protected data only handle protected data, so there is no risk of cross-pollination with non-HIPAA related data.
  • Log Monitoring: Access to data is continually analyzed and evaluated for anomalies and unauthorized traffic.
  • Policies and Procedures: Staff access to data is limited to as-needed, based on roles and tasks associated with keeping the product operating smoothly.
  • Trusted Infrastructure: All data resides on Google Cloud, with whom we have an executed BAA, ensuring HIPAA compliance from their end as well. You can learn more about Google’s compliance and successful independent audits of compliance here: https://cloud.google.com/security/compliance/hipaa/.