Groopit & HIPAA

Groopit gives organizations the ability to collect, share and use real-time data. Groopit HIPAA-compliant features allow organizations to include protected health information in real-time data sets and to safeguard the security of that PHI. Groopit maintains appropriate administrative, physical, and technical safeguards to provide for the continuing security of PHI.

Business Associate Agreement

HIPAA-compliant deployments begin with Groopit’s standard business associate agreement (BAA), making it easy for covered entities to bring Groopit on board as a business associate and to enable HIPAA-compliant features.

View standard BAA

Technical Overview

Groopit HIPAA-compliant deployments are implemented with the following privacy and security features: 

  1. All data is encrypted in transit and at rest, using only strong ciphers (symmetric key length with at least 256 bits) to encrypt data. 
  2. All data is securely stored with encryption keys used in the storage or transmittal of protected data. 
  3. All current, common, and verifiable industry security standards and best practices are adhered to by Groopit.

Groopit is a cloud-based software as a service.  Groopit requires its cloud vendor, Microsoft Azure, to adhere to the follow standards, at a minimum: 

  1. Data at rest encryption of at least AES-256.
  2. Cloud hosted systems will be patched at the most current levels and have vulnerabilities addressed in accordance with industry standards. 
  3. Cloud Service Provider shall be certified by an independent third party (i.e. SOC 2 Type 2, PCI/ISO 27001/NIST) 

    In addition to ensuring Groopit fulfills its business associate duties, the Groopit platform includes additional safeguard features for HIPAA-enabled deployments to help covered entities comply with their own HIPAA obligations. 

    To protect e-PHI, Groopit is configured to provide de-identified data access. When an administrator attempts to access data that has been collected in a HIPAA-enabled group, the data that has been submitted will be associated with a unique numerical identifier rather than the user account information. 

      Activate HIPAA-compliant Features

      To activate HIPAA-compliant features

      1. Qualifying organizations will enter into a Business Associate Agreement.
      2. Groopit will activate additional privacy safeguards compliant with HIPAA security requirements for the designated deployment.

      Contact to get started

      For more information on privacy, please review our Privacy Policy.