HIPAA compliance for Jivrus Products
What is HIPAA?
The Health Insurance Portability and Accountability Act is a United States act that was created primarily to modernize the flow of healthcare information, stipulate how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.
How our products enable you to comply with HIPAA policies
Customer operates as the data controller and Jivrus operates as a data processor. Customer has the responsibility for ensuring that the personal data of subjects they are collecting are being processed lawfully and, similar to controllers, processors, that processes personal data on behalf of a data controller, are expected to comply with the HIPAA.
Data Storage and Processing
Customers data is stored in their Google account: inside Google Sheets, Docs, Gmail, Google Drive or Google Forms. Our add-ons read the data directly from your data source and perform the necessary actions (like reading/writing on Sheets, sending emails, generating documents) without storing any transactional data on our servers.
We store and process user identification, plan subscription, quota, usage analytics data in Google Cloud database (us-central) and its servers are located in the United States (Central) data center.
We use Google’ Stack driver logging tool for error tracking and debugging errors. It includes stack traces, error messages and the logs
We use PayPal and Stripe to manage your payments. The payment processors only provide the customer’s email address, subscription details and billing address for generating invoice. We do not have access to any banking or credit card information of our customers.
We do not transfer, sell, make copies, or share any of your data processed by our products to third party services or companies. We only store data that is absolutely necessary for our products to function.
Subscribers have all their information in Google account: Google Sheets/ Docs/ Forms/ Drive. This allows for easier migration to other services.
Data Erasure (Right to be forgotten)
Subscribers can deactivate products and can permanently delete all their data from the database. You can also contact us to submit a deletion requires and, in compliance towards HIPAA, we’ll permanently delete all your data.
If the users uninstall a products, or revoke access to the products from your Google Account, the product will not be able to access any of your data and will instantly stop functioning.
Our products facilitate the compliance to HIPAA for our users. If the users are dealing with their customers using of our products, they need to practice complying with HIPAA with their customers data.