HIPAA Security and Privacy
Purpose
Texliff, a professional translation service provider, is committed to upholding the privacy and security of Protected Health Information (PHI). This policy outlines our commitment to complying with HIPAA regulations and safeguarding electronic PHI (ePHI) through comprehensive data protection measures.
I. Policy Overview
Texliff enforces robust security protocols to detect, prevent, and respond to any potential security threats involving ePHI. Access to ePHI is strictly limited to authorized personnel who require it for their roles. All translators assigned to ePHI-related projects are required to complete HIPAA certification training, and in-house staff receive extensive training on data security practices.
II. Key Principles
The Privacy and Security Officers at Texliff oversee HIPAA compliance by managing project inventories involving PHI and employing risk management practices to mitigate vulnerabilities.
Use of AWS Cloud Services
Texliff operates using Amazon Web Services (AWS) cloud servers, which meet HIPAA compliance requirements. AWS provides a secure infrastructure that aligns with regulatory standards for handling ePHI.
Risk Management and Analysis
Texliff conducts risk assessments:
- When implementing new systems that handle ePHI.
- Periodically, as part of a continual risk management strategy.
- Following the discovery of new risks or security incidents.
These analyses help ensure the confidentiality, integrity, and availability of ePHI and protect against unauthorized access or disclosure.
III. Procedures and Responsibilities
The Security Officer at Texliff is responsible for developing and maintaining procedures to:
- Identify and document potential security incidents.
- Respond swiftly to incidents and mitigate any negative impact.
- Maintain thorough documentation of incidents, which is retained for at least six years.
Employees are trained to follow these procedures, with regular audits performed to monitor system activity and review access logs for unusual patterns.
IV. Data Protection Practices
Texliff utilizes ISO 27001-certified data centers for secure data management. All data transferred between clients and our systems is encrypted in transit using 256-bit SSL/TLS, ensuring the highest level of data security during transmission.
V. Contact Information
- Security Officer: Matthew Coleman, matthew@texliff.com.
- Privacy Officer: Sandra Morris, sarah@texliff.com.
VI. Exceptions to the Policy
Any deviations from this policy must be reviewed and approved by the Security Officer, with documentation provided for any exceptions.
VII. External Resources
For more information on AWS's HIPAA compliance, refer to AWS HIPAA Compliance Documentation. For comprehensive HIPAA guidelines, you may visit the HIPAA official website.
Policy Review and Updates
Texliff reviews and updates this policy annually or as necessary to stay current with regulatory requirements and operational changes.