REMEDi's HIPAA Compliance Statement
Remedi Innovations Sdn Bhd (REMEDi) is committed to and has implemented many safeguards to ensure its services, websites and data systems (collectively “Products”) are compliant with the regulations and conditions set forth in the Health Insurance Portability and Availability Act of 1996 (HIPAA). REMEDi is committed to continuous improvement to ensure its Products incorporate state-of-the-art information technology privacy and security measures.
As a “Business Associate” per the definition in the HIPAA Act, and by assignment of the HIPAA covered entity, REMEDi is subject to the following controls:
Administrative Safeguards (HIPAA 164.308)
REMEDi has implemented policies to ensure appropriate assignment of data access permissions and proper movement and handling of that data. HIPAA training is an annual mandated event for all staff, as well as an annual review of policy effectiveness during internal or 3rd party auditing of our Products.
Physical Safeguards (HIPAA 164.310)
REMEDi’s primary physical safeguard is to not retain sensitive data in any public or private REMEDi location other than those assigned for database management and quality assurance activities. Specific workstation usage, disposal, reuse and security measures are in place. Access to REMEDi facilities is all independently controlled via card access preventing walk-up intrusion. REMEDi’s data centre uses a cloud-based architecture with inherent security measures including 24 hours monitoring, advanced fire protection systems, uninterruptible power and database redundancy. Annual audit of the facility security plan, disaster recovery plan, and contingency plans are in place.
Technical Safeguards (HIPAA 164.312)
To further protect sensitive data, REMEDi enforces unique software architecture that includes user identifications, various database audit logging, data integrity systems and verified backups, entity authentication programs, digital certificates, various levels of encryption and other custom architecture to further obscure sensitive data from threats.