Is SuiteDash HIPAA Compliant?

SuiteDash maintains ongoing compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) and is able to process, maintain and store protected health information for any entities restricted by these regulations.

General Overview

What’s involved in HIPAA compliance?

We complete annual risk assessments and employee training as required by HIPAA. Additionally, we’ve gone to great lengths to ensure that data is properly secured and encrypted.

Where is SuiteDash customer data hosted?

With the exception of off-site backup and redundancy infrastructure, SuiteDash is hosted on Amazon Web Services (AWS), a highly scalable cloud computing platform with end-to-end security and privacy features built in.

What sort of application security is in place?

All SuiteDash web application communications are encrypted over 256 bit SSL, which cannot be viewed by a third party and is the same level of encryption used by banks and financial institutions.

Who has access to our SuiteDash account?

All SuiteDash employees are able to access customer accounts for the sole purpose of lending a hand. We don’t access customer accounts unless we’re explicitly asked for help.

Security

Does SuiteDash have a policy that identifies and determines controls regarding the proper use of workstations to support access and protection of ePHI?

All production data is in a VPC (virtual private cloud). Internal access is firewalled and users must be authenticated on the VPN and via multi-factor authentication to access anything.

Do you have a security policy to help ensure the confidentiality, integrity, and availability of ePHI? Do you have a SOC2/3 report?

Do you routinely conduct audits of your application, such as code reviews, static or dynamic code analysis, penetration tests, or vulnerability scans?

Yes. Code reviews and analysis are conducted by all engineers as a part of the development process. SuiteDash does application scans and penetration tests at least quarterly.