HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance. Covered entities (anyone providing treatment, payment, and operations in healthcare) and business associates (anyone who has access to patient information and provides support in treatment, payment, or operations) must meet HIPAA Compliance. Other entities, such as subcontractors and any other related business associates must also be in compliance.
According to HIPAA, if you belong to the category of “covered entities” or “business associates,” and you handle “protected health information (PHI),” you and your business are required to be HIPAA-compliant. “Covered entities” describes U.S. health plans, health care clearinghouses, and health care providers.
Refered only collects the following data provided by the client (you): Employee Names, Employee ID is provided (at random) unless changed by the client (you), hours worked weekly, bi-weekly or an aggregate. Refered reports include total bonuses paid to employees (weekly, monthly, quarterly, YTD and lifetime), Turnover rates, User/Employee logins, Employee referral report.
Refered does not share or sell any platform data.
Data Center: DigitalOcean
Refered uses SSL (Secure Sockets Layer) as a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted.
On top of the enterprise level of security offered by DigitalOcean, Refered is also engaging a 3rd party firm to certify all data is secure and all data collection within our process of onboarding is secure. Learn more about Security Metrics: security review and certification of HIPAA Compliance, PCI DSS Compliance and Data Security.