The following is for informational purposes only and does not constitute contractual obligations. Our legal relationships with customers are governed solely by our formal legal agreements. For specific legal advice, please consult with your own legal counsel.
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data in the United States. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. This act is significant because it provides patients with important rights to their health information while holding entities accountable for the privacy and security of this information.
At Smilecloud, we are dedicated to upholding high data protection and privacy standards, including HIPAA regulations. As we understand the importance of securing PHI, our security measures and policies are designed to protect the integrity, confidentiality, and availability of your health information.
It's important to clarify that there is no official government-endorsed "HIPAA certification" process. However, Smilecloud has undergone a comprehensive HIPAA attestation examination to ensure that we meet the rigorous standards set forth for protecting health information (see below).
Smilecloud demonstrates its commitment to HIPAA compliance through a rigorous examination process conducted in line with SSAE 18 (Section 205) standards under the expertise of licensed CPA firm Schellman & Company, LLC.
This review focuses on our adherence to the HIPAA Security Rule and HITECH Breach Notification Rule, providing an opinion on the effectiveness of our information security program as of the review date.
The testing procedures were performed based on the audit inquiry procedures established by the Office for Civil Rights (OCR), as applicable, and as defined within the OCR audit protocol updated as of April 2016.
A Business Associate Agreement (BAA) is a critical document that outlines the responsibilities of both parties in protecting PHI under HIPAA. This legal contract ensures that Business Associates use, disclose, and safeguard PHI properly, adhering to HIPAA regulations.
Smilecloud offers a BAA that details the measures we take to protect your data and the expectations for our customers in managing their PHI. Customers can readily accept our BAA through the Legal and Compliance Center found in the settings dashboard of their account.
HIPAA compliance is a shared responsibility between Smilecloud and its customers. Accepting our Business Associate Agreement (BAA) is a fundamental step towards enabling HIPAA compliance for your organization when using our services. You should consider accepting the BAA if:
By accepting our BAA, you affirm that Smilecloud's security posture aligns with your HIPAA compliance requirements. It is crucial that upon accepting the BAA, your organization also adheres to HIPAA-compliant practices in your use of our services. This includes ensuring that PHI is handled in accordance with HIPAA standards and implementing appropriate safeguards to protect health information.