HIPAA Compliance Policy
Introduction
At Thru, we are committed to ensuring the privacy and security of protected health information (PHI) in full compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.
As a Managed File Transfer vendor, we provide secure file transfer solutions to covered entities and business associates in the healthcare industry. This policy outlines our approach to maintaining HIPAA compliance.
Access Controls and Auditing
Our MFT solution implements robust access controls, including role-based access, multi-factor authentication, and detailed audit trails to monitor and prevent unauthorized access to PHI.
Data Encryption
All PHI transferred through our MFT solution is encrypted in transit and at rest using HIPAA-compliant encryption algorithms and key strengths (e.g., AES-256).
Secure Transfer Protocols
Our MFT solution supports secure file transfer protocols such as SFTP, FTPS, and HTTPS to ensure the confidentiality and integrity of PHI during transfer.
Incident Response and Breach Notification
We maintain documented procedures for identifying, responding to, and reporting any security incidents or potential breaches involving PHI in accordance with HIPAA's Breach Notification Rule.
Risk Management and Assessments
We conduct regular risk assessments to identify potential vulnerabilities and implement appropriate safeguards to mitigate risks to the confidentiality, integrity, and availability of PHI.
Workforce Training and Awareness
All employees receive regular HIPAA training to ensure awareness of and adherence to PHI privacy and security practices.
Policies and Procedures
We maintain comprehensive policies and procedures to govern all aspects of HIPAA compliance, including PHI handling, security incident response, and workforce training.
Compliance Audits and Monitoring
We regularly monitor and audit our HIPAA compliance through internal assessments and third-party audits or certifications.
Conclusion
We review and update this policy periodically to ensure ongoing compliance with HIPAA and other applicable privacy and security regulations.
For any HIPAA-related inquiries or concerns, please contact our Privacy Officer at secops@thruinc.com.