To our friends in the healthcare industry who worry about the protection of private health information (‘PHI’), worry no longer—we’ve gone ahead and built a solution that helps you comply with HIPAA standards.
Organizations from diverse industries look to Dovetail to power greater customer understanding and help them put their customers’ voice at the heart of everything they do. And for many of these organizations, data security and privacy are non-negotiable when gathering and storing customer information. This is why we continuously pursue the highest technical standards, organizational measures, and industry-recognized accreditation to ensure our customers have trust and confidence in our products. With the announcement of our new HIPAA-ready solution, we hope to continue supporting healthcare customers to improve the patient and practitioner experience worldwide.
COVID-19 has resulted in the rapid digital transformation of the healthcare industry. Providers have adopted new tools and technologies to improve the patient experience, increase workflow efficiency, and better the efficacy of data management. Healthcare organizations gather large amounts of first-party data from patients and practitioners to understand how they feel about the virtual healthcare products and services they’re experiencing, an essential component in improving the quality of their digital experience. Many healthcare organizations have turned to third-party software providers, like Dovetail, to analyze and glean insights from this data.
Customers and organizations must trust that their private health information (or that which they are accountable for) is being protected and their digital privacy respected. ‘HIPAA’ is one of the standards organizations rely on for guidance on what good looks like when securing both protected health information (‘PHI’) and electronic protected health information (‘ePHI’).
If you’re in the healthcare industry, you’ll likely be familiar with the Health Insurance Portability and Accountability Act of 1996 (‘HIPAA’), a United States federal law that establishes data privacy and security requirements for organizations accountable for safeguarding PHI. When it comes to HIPAA standards, technology providers must have security in mind when building tools, processes, and procedures. This includes having the appropriate technical and organizational safeguards governing their technologies and the business policies and procedures around their use. While there’s no formal certification for HIPAA compliance, complying with the standards set out in HIPAA is a shared responsibility between software providers and their customers.
We’ve been building our products with a focus on security and data protection from day one. The knowledge that you entrust Dovetail with potentially sensitive and confidential research data about your customers is not something we take lightly.
The good news is we recently decided to step it up to ensure healthcare customers have a Dovetail solution that helps them comply with HIPAA standards. How do we know, you ask? Well, we engaged an independent firm specializing in integrated risk management and information security to conduct a HIPAA Security Risk Assessment and Implementation Review of our operations and services. They confirmed that the manner in which we store and process healthcare data is not only in alignment with HIPAA’s compliance requirements, but in many cases exceeds requirements. What’s more, they found our security risk program to be above industry average. So all in all, you can rest easy knowing that your protected health information is in good hands.
Our new HIPAA solution aims to enable healthcare-focused organizations to store, process, and analyze customer data (such as patient or practitioner feedback that includes PHI) securely and compliantly. Our HIPAA solution provides access controls and features to help manage PHI, such as advanced restrictions on sharing, access, and data exporting. Some of the key features of our HIPAA solution include:
→ The ability for users to export CSV files is disabled by default
→ The ability for users to download video files is disabled by default
→ Public access to and sharing of insights is disabled by default
→ Enforced authentication via SSO, with email and password authentication disabled
→ All sub-processors processing ePHI have entered into a Business Associate Agreement (‘BAA’) with Dovetail
→ The ability for customers to enter into a BAA with Dovetail
While the Dovetail HIPAA solution provides customers with greater access controls to help manage PHI, it is the responsibility of the workspace admin to control who within their organization has access to the contents of the workspace.
Our HIPAA solution is packaged as an optional add-on to our Enterprise plan that customers can choose to purchase. Dovetail Enterprise customers who purchase the HIPAA add-on can enter into a BAA with us. To engage, review, or sign a BAA with us, please contact our Enterprise team for more information.
Here at Dovetail, we’ve prioritized providing a HIPAA solution so that research and customer-facing teams in the healthcare sector can continue to store, analyze, and collaborate on customer research, while ensuring that sensitive, valuable patient data remains uncompromised.
You can learn more about our HIPAA solution on our Enterprise page or by contacting our team today. You can learn more about our technical and organizational security measures in our detailed security documentation.