HIPAA and Data Security

Cirrus uses industry best practices to maintain HIPAA compliance for your data. To maintain compliance with the HIPAA security and privacy rules, we utilize the best available 256-bit RSA encryption, maintain your data only within the United States, and store it only on certified storage systems.

In addition, our procedures limit use of and access to your data to only what is necessary, including:

  • Principle of least access: only authorized personnel have access to your unencrypted data, and only for the tasks that require that access
  • Encryption in motion: data is transmitted in an encrypted form
  • Encryption at rest: data is stored encrypted on servers, with decryption keys never stored on the same server
  • Logged access: Every access of patient-identifiable data is logged
  • Role-based access: All access to patient data by a human is based on rights granted to a specific role. Users with limited access can be created for your use
  • Limited data: We only request the minimum necessary data to perform our work, keeping key elements of your patient records only within your facility