HireLoop and HIPAA Compliance
At HireLoop we understand that our healthcare customers need to stay compliant with HIPAA requirements as they manage, process or archive Protected Health Information (PHI). The HireLoop platform is a HIPAA-ready solution that provides the level of data security, integrity and encryption needed to maintain HIPAA compliance.
Is HireLoop HIPAA compliant?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that establishes data privacy and security requirements for organizations charged with safeguarding individuals’ protected health information (PHI). The HireLoop platform is a HIPAA-ready solution that provides the level of data security needed to maintain HIPAA compliance. In provisioning and operating the HireLoop platform and services, HireLoop complies with the provisions of the HIPAA Security Rule, Breach Notification Rule, and Privacy Rule that are required of and applicable to it in its capacity as a business associate. As such, HireLoop has experience partnering with its healthcare customers to ensure that each party meets its respective HIPAA obligations.

HireLoop security controls & compliance
We understand the importance of data security to our healthcare customers, and HireLoop continuously implements security protocols and industry-leading practices to achieve top-level certifications such as ISO and SOC 2.
HireLoop provides several key security features to its customers that enable HIPAA compliance.
Protection of Data in Transit
HireLoop leverages Transport Layer Security (TLS) 1.2+ to secure data in transit.
Protection of Data at Rest
HireLoop helps customers implement the proper encryption methods for any data stored on the HireLoop platform.
Data Access Controls
HireLoop account administrators have secured access to manage settings at the individual, group, or organization level. You can find out more on our Security and Trust page. Additionally, HireLoop can configure customer-specific data access controls to help secure your data. You can learn more here:
Customer’s security controls & compliance
You, as the customer, are responsible for ensuring that the environment and applications you rely on when using HireLoop services are properly configured and secured according to HIPAA requirements. Since HireLoop itself is not a database but a reporting and query tool, HireLoop’s HIPAA compliance is contingent on your compliance with HIPAA requirements. This is often referred to as the shared security model.
HireLoop offers a number of ways to help you manage your data security and governance and to maintain your HIPAA compliance. However, you are ultimately responsible for securing the following areas, and HireLoop takes no responsibility for any breach or violation that results from:
- Your environment.
- Your databases.
- Your configuration of access permissions and security controls for internal users and third-parties you authorize to use your databases.
The Business Associate Agreement (BAA) covers HireLoop’s services as described in the applicable services agreement to which the BAA is attached, except that the following are not covered by the BAA:
- Any third-party services or tools provided by an entity other than HireLoop or its affiliate.
- Any custom code, API integration or services developed by the customer.
- Any plug-ins or add-ons that have not been certified by HireLoop (even if created specifically for you at your request). See the HireLoop Marketplace for additional information.
- Any services that are not generally available (such as beta features and previews).
HireLoop recommends the following technical best practices when configuring the HireLoop platform to maintain HIPAA compliance:
Auditing Access to PHI
Depending on the level of access that your users will have to PHI, HireLoop can help you implement row-level monitoring of access to sensitive data. You can learn more here:
Secure Configuration
Implement industry-standard methods of authenticating users, such as two-factor authentication or a SAML-based SSO identity provider (IdP), and, to the extent a user relies on SSO, restrict the “login_special_email” permission to a maximum of 2 users.
Database security
Configure database access so that HireLoop does not have any write or administrative access to your databases.
Encryption
Ensure that all connections to the database are encrypted in transit and, if you use an SSH tunnel connection, that a tunnel server is employed.
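The Database security and Encryption recommendations above, worked through for one database engine as an added example (this is not HireLoop documentation or HireLoop code). It assumes PostgreSQL, a database named `clinical`, a reporting schema named `analytics` and a role named `hireloop_ro`; all of these names are placeholders.

```sql
-- Added example, not HireLoop's own configuration. Assumes PostgreSQL;
-- "clinical", "analytics" and "hireloop_ro" are placeholder names.

-- Weak setting (do not do this): handing the reporting tool a role that
-- owns the schema gives it write and administrative rights it never needs.
--   CREATE ROLE hireloop_ro LOGIN PASSWORD '...';
--   GRANT ALL ON SCHEMA analytics TO hireloop_ro;

-- Corrected setting: a dedicated login with no superuser or DDL capability.
CREATE ROLE hireloop_ro LOGIN PASSWORD 'replace-with-a-generated-secret'
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;

-- Strip the privileges every role otherwise receives through PUBLIC.
REVOKE ALL ON DATABASE clinical FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;

-- Grant only what a query tool needs: connect, see the schema, read tables.
GRANT CONNECT ON DATABASE clinical TO hireloop_ro;
GRANT USAGE ON SCHEMA analytics TO hireloop_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA analytics TO hireloop_ro;
-- Tables created in the schema later get the same SELECT-only grant.
ALTER DEFAULT PRIVILEGES IN SCHEMA analytics
  GRANT SELECT ON TABLES TO hireloop_ro;

-- Defence in depth: sessions start read-only and long queries are cut off.
-- (A session can SET these back, so the GRANTs above remain the real control.)
ALTER ROLE hireloop_ro SET default_transaction_read_only = on;
ALTER ROLE hireloop_ro SET statement_timeout = '60s';

-- Encryption in transit is enforced in pg_hba.conf, not in SQL. A "hostssl"
-- line accepts this role only over TLS (10.0.0.0/8 is a placeholder range):
--   hostssl  clinical  hireloop_ro  10.0.0.0/8  scram-sha-256
-- Pair it with a client connection string that uses sslmode=verify-full.

-- Verification 1: any row returned is a table privilege to revoke.
SELECT table_schema, table_name, privilege_type
  FROM information_schema.role_table_grants
 WHERE grantee = 'hireloop_ro'
   AND privilege_type <> 'SELECT';

-- Verification 2: every flag for the role must read false.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolbypassrls
  FROM pg_roles
 WHERE rolname = 'hireloop_ro';
```

Re-run both verification queries after any schema migration, since a migration that creates tables outside `analytics` or alters default privileges can silently widen what the reporting role can reach.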
Implementation
When implementing HireLoop in a complex data environment involving PHI, we recommend that you get help from partners and service providers with HIPAA expertise to determine your compliance needs and requirements. HireLoop Sales Engineers and Support staff will provide support along the way to assist in meeting your goals or guide you to an appropriate deployment model.