HIPAA Compliance and ActiveDEMAND

Getting a BAA for HIPPA Compliance

ActiveDEMAND has a strong focus on security. For customers in the healthcare sector who process Electronic Personal Health Information (ePHI), ActiveDEMAND can help support compliance by executing a Business Associate Agreement (BAA) along with the customer.

For customers who are processing ePHI and are bound by HIPAA, they have to follow mandatory steps to establish a Secure Operating Environment (SOE).
Steps include:

SOE Compliance

Restrict Access

ActiveDEMAND supports multiple roles with different access capabilities. To reduce risk, employees and agents should only have the minimum access levels required to do their job.

IP Whitelisting

Whitelist IPs to only those users who should be able to access the platform.

Agent end-point computer security

Keep employee and agent end-points (computers, phones, any device used to access ActiveDEMAND) secure. The software must remain up to date and logins must be appropriately difficult to attack. Consult your IT company for structure on securing end-point access.

SSL

Using secure SSL communication is required. ActiveDEMAND requires the use of secure HTTPS and SSL to access the platform.

Mandatory Two-Factor Authentication (2FA) and password complexity

2FA and password complexity standards must be configured inside ActiveDEMAND and enforced on users.

User Data Rights

ActiveDEMAND supports user data rights. Customers can configure ActiveDEMAND to allow end-users to download and/or request deletion of their data (similar to a “Forget me” request in GDPR or personal data deletion requests in CCPA)

Start your 14-day free trial.