Security and Privacy

HIPAA Compliance
The video conferencing service is designed to meet the privacy and security requirements for Protected Health information. Our policies, procedures, technologies and services are audited by a third-party to validate conformance with HIPAA privacy and security requirements and offers end-to-end encryption for all meetings using WebRTC standards with SSL and DTLS for signaling and SRTP for data-channels and all media.

Payment Processing
Our payment processing system has passed the strict testing procedures necessary to be compliant with the PCI Data Security Standards (PCI DSS).

SSAE 16 Type II-audited datacenters
The datacenters used are audited to the SSAE 16 Type II standard, which validates the provider’s commitment to the trust principles of security, availability, processing integrity, confidentiality, and privacy.

Regarding HIPAA (Health Insurance Portability and Accountability Act) requirements, is a “Business Associate” as defined by the HIPAA regulations. However, it is also the customer’s responsibility to ensure that the applications and methods in which the customer transfers information to and from our network are done in compliance with the HIPAA requirements. This includes, but is not limited to, compliant procedures in place within your organization with respect to data privacy, email, cybersecurity, intrusion detection, facilities, and personnel behavior.

Staff engaged to secure and control Customer Personal Information (CPI) are subject to the following:

* Documented employee policy that clearly identifies illegal use of CPI is a crime and cause for termination.
* Limiting access of CPI to small set of authorized employees.
* All access to CPI information requires login and password authorization.
* Review of all employees who have CPI access on a monthly basis.
* No storing of CPI in unsecure system, including but not limited to e-mail, web server logs, paper or notepads and unsecure computers or laptops.
* CPI information is never allowed to leave the facilities, except via secure courier to offsite storage.
* All CPI information is located on secure network server that is isolated from public network.
* Standard network architecture and security is employed to prevent access to internal network, including but not limited to firewalls, DMZ and security patch maintenance.
* Quarterly audit of network security by third party (PCI authorized) vendor.
* Transmitting of CPI to third party vendors is via secure private network.

Commitment to Customer Personal Information security will continue as one of our highest priorities.

Share this page: