We are , and we are Always HIPAA Compliant.
We go above and beyond other digital agencies to ensure airtight HIPAA compliance in every aspect of your website, communications, and data storage.
Let's Explain
Ask around and you may hear WordPress recommended for your website. The reasons are simple: it's free, easy for novice agencies to learn, and ubiquitous. What you might not know: many WordPress sites are insecure and easily hacked, and a compromised site can expose your patients' HIPAA-protected data.
Most 'developers' simply configure plug-ins on WordPress sites; they don't write the code themselves. This is a significant security weakness: the plug-ins are written by third parties who are rarely audited or monitored, who may not secure their code properly, or who may even have malicious intent. A plug-in runs with the full privileges of the site, so a single vulnerable or malicious plug-in can expose everything the site stores.
Our solutions are custom-built and coded specifically for behavioral health practices. Our code and systems are monitored and audited by cybersecurity experts, and we use military-grade encryption for all data transfers, something other digital agencies do not.
Using military-grade encryption both at rest and in transit, your practice data and patient information is ALWAYS protected. Other agencies and website builders may encrypt this data in transit but leave it unencrypted at rest. That leaves all your practice data and patient information exposed to anyone who breaches the storage, and because the data is unencrypted it does not qualify for the safe harbor HIPAA grants to properly encrypted data, so such a breach is reportable.
When a patient or client submits a form or starts a chat on your website, three things happen:
1) The data is transmitted to you or your cloud provider through various third parties, across state or even national borders. Data in transit is vulnerable to hijacking and man-in-the-middle (MITM) attacks. We ensure ALL data transmissions are encrypted with military-grade algorithms in a zero-knowledge design, meaning the content is readable only by you and never by us or by any intermediary, which defeats these attacks.
2) Once transmitted, the data has to be stored somewhere, usually in the cloud. Many other agencies and web builders store this information in plaintext; it is not encrypted, so anyone who reaches the storage can read it. We ensure ALL your patient information is stored encrypted on domestic-only, HIPAA-compliant servers protected by firewalls and user authentication and access management.
3) The stored data must be accessed by you and your employees. Often this data is transmitted unencrypted when it is retrieved. ALL our data is transmitted over TLS (the successor to SSL) and is decrypted only on your device at the time of access.
We routinely screen and monitor the data, both in transit and at rest, and log who accessed it, who attempted to access it, and when. If we see anything suspicious, we immediately notify you, lock down the data, and remediate the situation.
To ensure data integrity and availability, we back up your data in at least two separate datacenters in different regions. If a natural disaster or other failure strikes one location, your data is still available at the other.
Further, we routinely cross-reference the two copies against each other, so if either has been tampered with or altered in any way, the mismatch tells us immediately.