HIPAA Compliance

A secure HIPAA (Health Insurance Portability & Accountability Act) compliant online solution for healthcare

We understand the sensitivity and seriousness of keeping patient healthcare data private and secure. That’s why we have examined the administrative, physical and technical safeguard specifications in detail, addressing all HIPAA requirements to safeguard our customers’ data, individuals’ protected health information (PHI) and electronic protected health information (ePHI).
This is why healthcare providers and other covered entities trust Synkwise to transmit their most sensitive documents.

Synkwise is HIPAA compliant, provided the user has advanced security controls activated and enters into a business associate agreement (BAA) with us.

The following Synkwise HIPAA Compliance Statement is intended to inform our customers who are “covered entities” under HIPAA that we are aware of their HIPAA requirements and will do our part to help ensure that their patient data is kept confidential. This Statement is not intended to take the place of a Business Associate Agreement.

We have instituted policies and procedures to ensure that our customers’ data is kept confidential. These include, but are not limited to, the following:

Access Control

The Synkwise solution includes unique user identification, administrator privileges to grant and remove access, next generation (256-bit AES) encryption and other protocols to limit access to your organization’s authorized personnel only.

Private Data

Data Encryption & Transmission Security

HIPAA requires careful attention to data both in motion and at rest. All data files at rest are encrypted using 256-bit Advanced Encryption Standard (AES). To protect data in transit between Synkwise apps (API or web) and our servers, we use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) for data transfer, creating a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.

User Authentication

Users can access the Synkwise service online only with a valid username and password combination, which is SSL encrypted. An encrypted session ID cookie is used to uniquely identify each user. While a user is logged into our servers, all communications are encrypted at all times.

Highly Secure Data Centers

Synkwise uses Amazon AWS’s utility-based cloud services to process, store, and transmit protected health information (PHI).

AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure AWS environment to process, maintain, and store protected health information.

Information Security

We’re always assessing risks and improving the security, confidentiality, integrity, and availability of our systems. We regularly review and update security policies, provide our employees with security training, perform application and network security testing (including penetration testing), conduct risk assessments, and monitor compliance with security policies.

Other Privacy and Security Rules:

  • 256-bit AES encryption on stored documents
  • COMODO SSL Certificate (SSL/TLS creates a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption).
  • Data backups stored in secured, safe, world-class data centers.
  • Account owner authentication
  • Restricted outside access to all servers and production workstations
  • Sophisticated monitoring and escalation system
  • Automated data backups
  • Automated virus checking
  • Report any non-compliance of which we become aware
  • Notice of data breach
  • Access to production systems is restricted with unique SSH key pairs, and security policies and procedures require protection of SSH keys. An internal system manages the secure public key exchange process, and private keys are stored securely.
  • All employees complete thorough background checks and are required to sign a confidentiality agreement as part of their employment contract
  • All employees receive training on our policies and procedures according to HIPAA mandates.
  • Named a HIPAA Security Official who creates, maintains, and provides training on our HIPAA policies and procedures.

Business Associate Agreement (BAA)

We sign a Business Associate Agreement (BAA) with users during the sign-up process.