The federal Health Insurance Portability and Accountability Act (HIPAA) provides strict regulations to protect health information.
We believe that privacy is a fundamental human right and understand the central role that it plays in modern software. We take a security-first approach to every aspect of our business and are committed to ensuring that your company's data is always protected and safe with us.
Prestavi regards itself as performing the functions of a Business Associate.
Wherever necessary, Prestavi will enter into a Business Associate Agreement that provides contractual assurances that we will safeguard your electronic protected health information (ePHI).
Prestavi uses vendors that are willing to enter into HIPAA-compliant agreements for situations where we store or transmit ePHI to them.
We’ve devoted significant resources to our efforts to comply with HIPAA. Listed below are some of the steps that we’ve taken.
Risk Analysis completed.
Implemented security measures to reduce risk and vulnerabilities.
Implemented an employee sanction policy and trained our workforce on HIPAA and cyber security essentials.
Automated threat detection is used to continuously monitor and review our infrastructure audit logs for security risks and incidents.
Implemented policies for workforce security and access management.
Implemented an Incident Response Plan.
ePHI is only stored with our HIPAA-compliant Cloud Service Provider.
Database backups are taken daily with point-in-time recovery.
ePHI is only accessible to workforce members that have the highest level of authorization.
We implement the principle of least privilege to ensure that workforce members only have access to the data they need to carry out their duties.
Enterprise-grade security powered by Amazon Web Services.
All data sent over public networks uses strong encryption. Our SSL certificates provided by AWS use the SHA-256 hashing algorithm with RSA 2048-bit encryption.
While at rest, data that resides in our systems is encrypted using the industry-standard AES-256 encryption algorithm.
All passwords are hashed and salted using the Blowfish cipher. No one at our company can read user passwords; if you forget yours, you must reset it.
Read our security white paper at prestavi.com/security
We will provide a signed Business Associate Agreement to organizations that sign up for our Enterprise plan.
We’ve created an information booklet with the details about Prestavi's HIPAA compliance in an easy-to-share format.
Download PDF Information Booklet
For any questions related to our HIPAA compliance, please reach out to us at hipaa@prestavi.com