Kameleoon HIPAA compliance

How Kameleoon supports HIPAA compliance

April 28, 2020
Frédéric (Fred) de Todaro
Fred is Kameleoon's Chief Product Officer and leads the company's A/B testing, feature management, and personalization product strategy. Leading product teams across Europe and North America, he regularly shares his advice on product trends in experimentation and how best to deploy Kameleoon technology.

1 What is HIPAA?

The United States Health Insurance Portability and Accountability Act (HIPAA) safeguards patient information by setting data privacy and security standards. It stipulates who can access health information (and when), protecting this data to ensure it remains confidential.


HIPAA IN A NUTSHELL

Originally passed in 1996, HIPAA’s range was widened through the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was incorporated into law in 2013. Amongst other points, the HITECH Act extends the penalties for non-compliance, with violations potentially resulting in fines up to $1.5 million. It also expands who the legislation covers to include subcontractors, such as providers of SaaS-based software handling Protected Health Information (PHI).

Therefore every company handling PHI as part of its operations (called a Covered Entity) needs to ensure compliance, and must also make sure that its subcontractors (classed as Business Associates) meet the same legislative requirements.

Here are some definitions you need to know before discussing how Kameleoon helps achieve HIPAA compliance:

HIPAA

  • Health Insurance Portability and Accountability Act, passed in 1996

PHI (or ePHI) - (electronic) Protected Health Information

  • Data that can be used to identify an individual, their medical history or payment history. This includes name, address, social security numbers and biometric data.

OCR - the Office for Civil Rights of the Department of Health and Human Services

  • This is the body responsible for enforcing HIPAA's provisions.

Covered Entity

  • This is any organization that handles or transmits PHI electronically, such as a medical facility/practice, health insurer, HMO or health care clearing house.

Business Associate

  • A company hired by a Covered Entity to help it carry out its health care activities and functions. There must be a written Business Associate Agreement or other arrangement in place to ensure compliance.

2 How Kameleoon is HIPAA compliant

As an organization, Kameleoon enables straightforward HIPAA compliance. At a technical level our platform is designed to meet the Act's requirements, and we will quickly sign Business Associate Agreements to ensure compliance before our systems are used with your PHI or ePHI.

Our compliance focuses on these four areas:

PASSWORD EXPIRY RULES

HIPAA mandates that passwords have to be changed every 60 or 90 days. Within Kameleoon you can easily create rules that require users to change their passwords at the specified interval.

SECURE DATA TRANSFER

To be compliant, all systems need to have the TLS 1.2 data security protocol in place. This is already the default within Kameleoon, meaning no changes need to be made to the solution to ensure compliance.

AUTOMATIC LOGOUT

To further protect ePHI, organizations must automatically log out users who have been inactive for 15 minutes. This option is available within Kameleoon.

BUSINESS ASSOCIATE AGREEMENT

As a trusted, compliant supplier to organizations across multiple industries, Kameleoon follows clear, transparent processes in how we handle and protect data. We are happy to sign a Business Associate Agreement (BAA) as part of any agreement with clients.

Thanks to these provisions, companies that need to be HIPAA compliant can use Kameleoon for both A/B testing and personalization projects.

To find out more about our support for HIPAA compliance please contact us at [email protected] or get in touch with your Customer Success Manager.
