Our data security happens behind the scenes whether data comes through our mobile app or a web browser. Here are the elements ensuring data security at Reimbursify:
- All data is housed in healthcare-grade servers abiding by HIPAA regulations (which dictate that the servers be located in the USA).
- PHI (protected health information) access is only granted to those in the company who need it to perform their job function. Our sales team, for example, has absolutely zero access to PHI. Furthermore, full database access is limited to a very small group.
- Our databases utilize the HIPAA-level security mentioned above. We also utilize 2-factor authentication for logins, track who has logged in and what they've viewed, and require the use of company laptops with antivirus, firewall, and device management software controlled by a centralized IT department.
- Full database access requires a whitelisted IP address (this means that, for example, I can only access it from MY device from MY specific wifi access point or through a VPN).
- We have regular "penetration" testing done. This means that we utilize a service to see if they can "break in" to our database/platform so we can find and fix any vulnerabilities. There have not been any significant data breaches or vulnerabilities uncovered.
- While HIPAA allows for the anonymized use of PHI, we do not sell, nor have we ever sold, our anonymized customer or patient data to anyone. We also have no plans to ever do so without acquiring consent.
- Finally, as a physician and psychiatrist, Vatsal Thakkar is the Chief Privacy Officer at Reimbursify.