TaqTik Health Inc's marketplace cloud platform is one of the very few medical travel platform systems that can claim to have very good privacy and security protection and to be compliant with the rigorous US HIPAA (Health Insurance Portability and Accountability Act of 1996) requirements.
G Suite HIPAA Compliance
TaqTik Health Inc uses Google G Suite for email and storage. We use a special version of G Suite that supports HIPAA compliance (the US government's Health Insurance Portability and Accountability Act of 1996). Please see the following document for the implementation guide: https://static.googleusercontent.com/media/gsuite.google.com/en//terms/2015/1/hipaa_implementation_guide.pdf
On Google's side, Google works to keep users' data secure in the cloud in a reliable and compliant way. On TaqTik's side, we use Google services with PHI (Protected Health Information). TaqTik Health Inc. (FKA DocOverseas Inc.) signed the G Suite HIPAA Business Associate Agreement (BAA) with Google Inc. in December 2015. Regarding Google Drive, we configure Google Keep to comply with HIPAA requirements. We also go beyond the HIPAA requirements by setting up 2-step verification and configuring enterprise sender identification technology. Any data, including customers' photos, is also scanned by Google's services before it can be uploaded to our G Drive storage, to prevent viruses and malware.
In addition to supporting HIPAA compliance, the G Suite Core Services and TaqTik's Marketplace Cloud Platform using G Suite Core are audited using industry standards such as ISO 27001, ISO 27017, ISO 27018, and SOC 2 and SOC 3 Type II audits, which are the most widely recognized, internationally accepted independent security compliance audits. To make it easier for everyone to verify our security, Google published its ISO 27001 certificate and a SOC 3 audit report on its Google Enterprise security page.
TaqTik also takes extra steps to comply with HIPAA (the US Health Insurance Portability and Accountability Act) and to use CSPs (cloud service providers) to store ePHI (electronic protected health information):
- Identify the people in our organization who handle PHI
- Allow only our Client Service team to have access to customers’ data
- Secure our devices. We require two-step authentication for account access, require a login on mobile devices, and configure our systems to remotely lock, locate, or erase devices.
Salesforce HIPAA Compliance
TaqTik Health Inc. uses a custom version of patient navigation built on Salesforce force.com that supports HIPAA compliance. We signed a HIPAA BAA with Salesforce Inc. in January 2017. For Salesforce and TaqTik to comply with HIPAA:
Privacy, Integrity, and Availability
In addition to Salesforce.com's HIPAA compliance, we carefully examine the data that we send to Salesforce and confirm that every field containing ePHI (names, addresses, social security numbers, birth dates, information related to payment for healthcare, etc.) is protected and encrypted.
Data Monitoring, Control, and Implementation
We lock down ePHI by crafting strict access policies that limit access to the data to only those employees and applications that truly need it.
Encryption and Tokenization
Salesforce supports a secure gateway that acts as a gatekeeper for sensitive information, ensuring its integrity no matter where the ePHI resides.
Salesforce Health Cloud and Salesforce Cloud protect every element with their built-in HIPAA compliance features, which comprise Salesforce Shield, Field Audit Trail, Platform Encryption, Data Archive, and Event Monitoring. They offer a new dimension in the provider-patient relationship along with many platform features and resources.