HIPAA Compliant Security Rules

For us at Transferum, the security of our customers' data and the integrity of our hardware devices are the number 1 concern when it comes to security.

That is the reason we try to be fully compliant and to implement HIPAA security rules.

From the "reasonable" Privacy Rules for everyone (incl. FREE service) to the most rigorous physical and technical safeguards, we respect and implement them.

Below are the HIPAA security requirements and the way Transferum implements and respects them as rigorously as possible.

The HIPAA Security Rule outlines the requirements in five major sections:

  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Organizational Requirements
  • Policies, Procedures and Documentation Requirements

 

Administrative Safeguards

Security Management Process - the "Risk" factor is taken into consideration by our management team. That is why we implemented back-up recovery strategies for your data. We are able to restore the files in case of a natural disaster or an unexpected system failure.

 

Physical Safeguards

Facility Access Controls - all the people who enter Transferum's perimeter are identified and verified.

Workstation Use - access to our servers and our OS is restricted to our personnel ONLY.

Workstation Security - physical access to our hardware devices is restricted to our qualified and authorised personnel ONLY.

Device and Media Controls - from this point of view, all of Transferum's disks can be re-used in case of calamity and/or hardware destruction. The disks and the data that resides on them are backed up locally on a daily basis and then sent over a secure channel to remote storage. These procedures would permit Transferum to continue providing its service at the same level with minimum down-time in case of calamities.


Technical Safeguards

Access Control - access to each user's storage space is based on a User Name and a password. Transferum doesn't allow anonymous access to any of its FTP sites. The time each user spends logged on to the system is predefined, with an automatic timeout after a certain time of inactivity or connection.

Audit Controls - all the actions on the servers are logged and any action can be identified in case of need (unauthorised intrusion attempts).

Person or Entity Authentication - as mentioned, all our customers must provide a user name and a valid password to be able to access their storage space.

Transmission Security - Security is NOT an issue at Transferum, as it provides HTTPS access to all its customers (incl. FREE service) and FTPS access to its Paid subscriptions. Above all, our servers are able to make CRC checks to verify the size of data uploaded/downloaded to/from the server.