Global brands already trust Cronofy's security commitments

What is HIPAA?

HIPAA (Health Insurance Portability and Accountability Act) is a list of legislative requirements that define data privacy and security provisions for private medical information.

HIPAA has a number of specific goals; however, the part of HIPAA that applies to Cronofy is the protection of confidential patient data against fraudulent access, abuse, and/or mishandling of that information.

Specifically, Cronofy is interested in Title II of the HIPAA standard, which includes the Privacy, Security, and Enforcement Rules.

Why is HIPAA important?

Cronofy has customers who process patient and health data. The security of that data is paramount to Cronofy. The rules outlined by HIPAA set out the appropriate placement of physical and electronic safeguards, to ensure that patient data is secure in transit, at rest, and upon arrival at its destination.

The rules also outline specific responsibilities with respect to the implementation of safeguards and complaints handling, as well as the training of employees.

Patients have the right to receive, upon request, a copy of their own information.

What's included in Title II of the HIPAA standard?

Title II of the HIPAA standard includes:

  • The Privacy Rule (otherwise known as Standards for Privacy of Individually Identifiable Health Information) sets standards for the protection of patient health information.
  • The Security Rule sets out standards for securing patient data.
  • The Enforcement Rule outlines the process for investigating violations or breaches of HIPAA compliance.

Data classed as private medical information includes, but is not limited to, a patient’s name, address, date of birth, social security number, the patient’s physical or mental health condition, the specific services provided, or any other information that could be used to identify the patient.

Serious about Data Protection

How can I sign a Business Associate Agreement with Cronofy?

Please contact our support team at support@cronofy.com, who will provide you with a copy of our BAA to sign and return.

How does Cronofy ensure it’s HIPAA compliant?

Cronofy protects patient data by adhering to the rules set out in Title II of the HIPAA standard. Cronofy has physical, technical, and administrative safeguards in place to ensure that patient data is secure.

Cronofy also ensures that anyone who has potential access to patient data has signed a business associate agreement.

Even if you are a Cronofy customer to whom HIPAA does not apply, all Cronofy customers benefit from the additional security and policies implemented as part of Cronofy's HIPAA compliance.

  • ISO27001 certified
  • SOC 2 attested
  • GDPR compliant
  • CCPA compliant
  • Privacy Shield compliant
  • HIPAA compliant

Our team is here to help

If you don’t yet have a business associate agreement with us, or if you have any questions about our approach to HIPAA compliance, we’re happy to answer them.