HIPAA Compliance and ActiveDEMAND
Getting a BAA for HIPAA Compliance
ActiveDEMAND has a strong focus on security. For customers in the healthcare sector who process Electronic Personal Health Information (ePHI), ActiveDEMAND can help support compliance by executing a Business Associate Agreement (BAA) along with the customer.
Customers who process ePHI and are bound by HIPAA must follow mandatory steps to establish a Secure Operating Environment (SOE).
Steps include:

SOE Compliance
Restrict Access
ActiveDEMAND supports multiple roles with different access capabilities. To reduce risk, employees and agents should be granted only the minimum access level required to do their job.
IP Whitelisting
Restrict platform access to the IP addresses of the users who should be able to reach it; requests from any other address are refused.
Agent end-point computer security
Keep employee and agent end-points (computers, phones, and any other device used to access ActiveDEMAND) secure. The software on them must be kept up to date, and logins must be adequately hardened against attack. Consult your IT provider for guidance on securing end-point access.
SSL
Encrypted transport is required: ActiveDEMAND only allows access to the platform over HTTPS (SSL/TLS).
Mandatory Two-Factor Authentication (2FA) and password complexity
2FA and password complexity standards must be configured in ActiveDEMAND and enforced for all users.
User Data Rights
ActiveDEMAND supports user data rights. Customers can configure ActiveDEMAND to allow end-users to download and/or request deletion of their data (similar to a “Forget me” request under GDPR or a personal data deletion request under CCPA).