We are

HIPAA Compliant

Our compliance is verified at the highest levels of HIPAA’s privacy, security, and breach notification assessments.

see our certificate

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets the standard for protecting sensitive patient data in the U.S. The primary goal of this law is protect the confidentiality and security of healthcare information.

Firmex has been verified as “compliant” under Avertium’s HIPAA Certification Program. Being compliant with HIPAA means that we have implemented the necessary technical, physical and administrative “safeguards” (controls) to ensure compliance with the HIPAA Privacy, Security and Breach Notification requirements.

HIPAA Matters to Both of Us

  • Covered Entities (CE): anyone who provides treatment, payment and operations in healthcare Business
  • Associates (BA): anyone with access to patient information and provides support in treatment, payment or operations
  • Subcontractors, or business associates of business associates

 

HIPAA requires all CEs to sign Business Associate Agreements with BAs and third party vendors. If you use Firmex to store electronic public health records, you must sign a Business Associate Agreement with us.

As of 22 September, 2014 if you do not have a Business Associate Agreement in place with all BAs and/or third party
vendors, you could be penalized.

We Support HIPAA Compliance in Lots of Ways

In addition to a signed Business Associate Agreement, we support HIPAA compliance through the following product
features and organizational policies:

  • Ongoing Risk Management and Assessment by company executives
  • Data encryption in transit and at rest
  • Restricted physical access to servers
  • Strict logical system access controls
  • Dedicated firewall and network monitoring
  • Granular administrative controls that allow our clients to:
    • Control access to files (e.g. restrict downloading, saving, printing)
    • Lock down files by IP address or computer
    • Password protect files
    • Monitor access to documents
  • Reporting and audit trail of account activities for users & documents
  • Formally defined breach notification policy
  • Training of employees on security policies and controls
  • Employee access to customer data files are highly restricted
  • Multiple data center facilities to mitigate disaster situations
  • 99.9% uptime SLA

Firmex Toronto
110 Spadina Avenue, Suite 700
Toronto, ON, Canada  M5V 2K4

Firmex London
The Leather Market
11-13 Weston Street, Unit 12G2
London, England  SE1 3ER

Firmex Costa Rica
Building C14, 4th Floor,
America Free Zone
San Francisco, Heredia
Costa Rica, 40103

N. America +1.888.688.4042
Europe +44 (0) 20.3371.8476
International +1.416.840.4241
Australia +61.180.087.9509

BOOK A DEMO
GET SUPPORT
Virtual Data Room
Firmex For
Industries
Resources
About Firmex