FreeAgent, the #1 user-rated CRM + work management platform, announced hassle-free HIPAA compliance for all customers.
Health care information is among the most private and personal information that any business can collect and retain. This poses unique challenges for enterprise software platforms, like FreeAgent, that help power healthcare and healthcare-related organizations.
This security layer comes without the need for 3rd-party vendors, which is a common barrier with laggard CRM platforms, such as Salesforce.
Independent validation for Health Insurance Portability and Accountability Act (HIPAA) policies, procedures, and technology conducted by third-party assessor, IRClass Systems and Solutions, has now certified that FreeAgent meets or exceeds HIPAA’s rigorous administrative, technical, and physical controls throughout its IT, infrastructure and supporting the business process.
This means FreeAgent is certified to offer the safest and most secure data protections available to the healthcare industry.
HIPAA compliance entails a variety of methods and best practices to ensure customer data security. Below are a few examples of the steps FreeAgent has taken to achieve HIPAA certification:
- In-Transit Data Encryption: All inbound and outbound communication outside of our private data network is always encrypted using secure TLS 1.2/1.3 protocols.
- At-Rest Data Encryption: Data stored on servers in our private network are always encrypted using secure AWS KMS technology with keys that are periodically rotated, ensuring physical access to disk storage is completely secured.
- ePHI (Electronica Protected Information) data is secured with robust access controls such as Role Based Access controls (RBAC), Multi-Factor Authentication (MFA), periodic access reviews etc. This ensures the minimum risk ePHI is leaked to unauthorized individuals/entities.
- Periodic automatic backups are taken to ensure availability of data and systems whenever needed.
- System logs are a key part of HIPAA compliance, we log and store access logs and event logs, to track all the login attempts and changes made to data.
- Designated HIPAA security personnel in place implementing policies and procedures to prevent, detect, contain, and correct breaches of ePHI.
At FreeAgent, trust is a non-negotiable value. We work hard to demonstrate this to our customers, our partners, and our employees. It’s key to our ongoing commitment to lead the way to a better work day.
Learn more about FreeAgent Security