TaqTik Health Inc’s marketplace cloud platform is one of the very few medical travel platform systems that can claim to have very good privacy and security protection and to be compliant with the rigorous US HIPAA (Health Insurance Portability and Accountability Act of 1996) requirements.
G Suite HIPAA compliance

TaqTik Health Inc is using Google G Suite for email and storage. We are using a special version of G Suite which supports HIPAA compliance (the US government’s Health Insurance Portability and Accountability Act of 1996). Please see the following document for the implementation guide: https://static.googleusercontent.com/media/gsuite.google.com/en//terms/2015/1/hipaa_implementation_guide.pdf

On Google’s side, Google works to keep users’ data secure in the cloud in a reliable and compliant way. On TaqTik’s side, we are using Google services with PHI (Protected Health Information). TaqTik Health Inc. (FKA DocOverseas Inc.) signed the G Suite HIPAA Business Associate Agreement (BAA) with Google Inc in December 2015.

Regarding Google Drive, we are setting Google Keep to comply with the HIPAA requirement. We also go beyond the HIPAA requirement by setting up 2-step verification and configuring enterprise sender identification technology. Any data, including customers’ photos, is also scanned by Google services before it can be uploaded to our Google Drive storage, to prevent viruses and malware.

In addition to supporting HIPAA compliance, the G Suite Core Services and TaqTik’s Marketplace Cloud Platform using G Suite Core are audited using industry standards such as ISO 27001, ISO 27017, ISO 27018, and SOC 2 and SOC 3 Type II audits, which are the most widely recognized, internationally accepted independent security compliance audits. To make it easier for everyone to verify our security, Google published its ISO 27001 certificate and a SOC 3 audit report on its Google Enterprise security page.

TaqTik also takes extra steps to comply with HIPAA (the US Health Insurance Portability and Accountability Act) and to use CSPs (cloud service providers) to store ePHI (electronic protected health information):
- Identify the people in our organization who handle PHI
- Allow only our Client Service team to have access to customers’ data
- Secure our devices. We require two-step authentication for account access, require a login on mobile devices, and configure our systems to remotely lock, locate, or erase devices.
- SalesForce HIPAA Compliance