At WhatConverts we’ve always taken steps to ensure user access and information are secure. We are pleased to announce that we have taken this a step further.
We are happy to announce that WhatConverts now complies with all HIPAA standards for HIPAA enabled accounts.
HIPAA (Health Insurance Portability and Accountability Act of 1996) was designed to establish standards for accessing, storing and transmitting medical data and ensuring the privacy and security of Private Health Information (PHI).
If your account deals with PHI (Private Health Information), we can now apply additional controls that tighten up security and grant access to only authorized personnel.
Who should enable HIPAA compliance?
Any WhatConverts account where PHI (Private Health Information) is disclosed needs to be HIPAA enabled.
How does a HIPAA enabled account differ from a regular account?
We have applied restrictions and controls to the account to ensure that only authorized people can access PHI. In addition, all actions of users that have access to a HIPAA account are logged. Here are some of the controls and restrictions we apply:
- All data is encrypted at rest and in transit.
- Webhooks to unsecured URLs are disabled to prevent unauthorized distribution of PHI.
- When potential PHI in leads or call recordings is accessed, the user’s information is logged along with what data was accessed.
- Email notifications have potential PHI removed.
- Users are automatically logged out after 15 minutes of inactivity.
How do I enable HIPAA compliance for my account?
There are two things you need to do to enable your account for HIPAA compliance.
Log in to your account, select “Settings” and click on “HIPAA” from the drop-down. Set HIPAA Enabled to “On” and click “Update”. HIPAA compliance is set at the account level. If you use an agency account, each client account will need to be enabled individually.
Next, contact us to execute a Business Associate Agreement (BAA). Please include your first and last name, company name, and email address.
We’ve worked to make our HIPAA solution as hassle-free as possible. Please contact firstname.lastname@example.org if you have any questions.