Is Ripple HIPAA Compliant?
All of our plans have security features that meet or exceed HIPAA guidelines. We offer plans that have additional administrative and IT protections that make them fully HIPAA compliant, and we sign Business Associate Agreements with any of our customers who are subject to HIPAA. If you are required to maintain your participant information in a HIPAA compliant service, please contact us to confirm that you have selected a plan that meets your requirements.
Our current security features include:
Infrastructure and Data:
- HITECH certified data centers*
- Separate database and application servers
- Double server redundancy (3-replica sets)*
- Dedicated, non-shared servers
- Logical segmentation of customer data
- Dedicated firewall and intrusion scanning
- 2048-bit SSL encryption of data in transit
- Disk-level database encryption (i.e., encryption at rest)
- Fully readable audit logs for account admins
- Tracking of all View, Edit, Delete, Modify events
- Event level tracking for all users
- Custom selection of auditable events
- Logging of all failed login attempts
Access and Authentication:
- Access control via username and passwords
- Automatic user logoff (custom time)
- Strong password requirement SC 03.02
- Case-sensitive usernames (ISO-646/ECMA-6)
- Password expiration (custom time)
- No password reuse for 12 months
- Account lock upon a custom number of failed login attempts
- Access groups with custom access roles
- Optional two-factor authentication*
- Limited feedback after failed attempt
- No access to customer data by Ripple's staff except when mandated by law, or when explicitly requested and authorized by the customer for data recovery or technical support purposes.
* Clinical plans only.