PHI Safeguards Statement
This HIPAA compliance statement describes AlertGem’s policies, procedures, controls and measures to ensure current and ongoing compliance.
AlertGem’s Commitment
AlertGem does not meet the HIPAA definition of “Covered Entity,” in part because the client provides all of the data.
All AlertGem and AlertCard data is kept on HIPAA-compliant servers at AWS using Cloudflare and Auth0 to further protect user data.
We will issue regular customer emails to notify clients of every electronic access to their data in a routine report. We won’t divulge or sell any patient information to any third party or business. Any person may ask for the deletion of all data at any time, and currently available data will be removed. Because we keep 2 weeks of active backups, the data will be unavailable in any format 14 days after the request for deletion.
AlertGem has undergone a comprehensive review of all administrative, technical, and physical safeguards to ensure the protection of e-PHI.
This includes:
- Ensuring the confidentiality, integrity, and availability of all e-PHI created, received, maintained, or transmitted.
- Identifying and protecting against reasonably anticipated threats to the security or integrity of the information.
- Protecting against reasonably anticipated impermissible uses or disclosures.
- Ensuring compliance by our workforce.
AlertGem is also GDPR compliant, and all our technical, operational, and administrative systems comply with the ‘Privacy by design’ and ‘Privacy by default’ standards required by the GDPR. HIPAA-level safeguards provide an additional layer of security in handling any personal healthcare data that may pass through our systems.
Controls Implemented
AlertGem has implemented the necessary controls to ensure HIPAA-level safeguards including administrative, physical, and technical controls.
Risk Assessment
As part of our security management process, AlertGem conducts annual risk assessments including likelihood and impact of potential risks. A risk assessment helps ensure that controls are appropriate to address the organization’s needs. Conducting these annually ensures that organizations continue to provide the highest level of security for the data that they have been entrusted to protect.
Administrative Safeguards
AlertGem has implemented a security management process, including appropriate standard operating procedures (SOPs) and policies. An external security manager has been assigned to help develop and review procedures and policies. Staff are kept up to date with changes and are trained on HIPAA and security annually. Internal review of these safeguards is done regularly to ensure compliance and for continual improvement.
Physical Safeguards
AlertGem ensures that the data centers have implemented strict facility access policies and all necessary and appropriate controls. Strict policies are in place to ensure e-PHI is only housed in secure locations.
Technical Safeguards
AlertGem has implemented appropriate technical safeguards including authentication and authorization for our employees and for users of our applications. Appropriate auditing and integrity controls are in place. All data transmissions to the data centers require encryption. Additional systems have been implemented where appropriate to ensure the highest level of security for our hosted applications.
Client Recommendations
When stored in our database, PHI is well guarded. The one facet the organization cannot control is the care taken by the Client. You will be in possession of your AlertCard and must ensure that it is not misplaced.
Contact Information
Further documentation on specific policies and measures in place is available upon request. This Statement of PHI Safeguards is meant for informational purposes only and not as a form of covenant, warranty, representation or guarantee of any kind.
For further information, please contact us by one of the following methods:
E-mail: [email protected]
Address: 19206 65th Pl NE, Kenmore, WA 98028, USA
Number: 720-648-0469