Data protection is an integral part of working with data today. 2020 saw a huge increase in records exposed in data breaches, and no company wants to leave itself open to the reputation hit a breach causes. The stakes are even higher for industries that work with sensitive financial or patient data. In these cases, the government steps in with regulations to make extra sure consumer data is protected.
StreamSets is committed to assuring customers and prospects that fall under the HIPAA covered entity designation that we have the appropriate safeguards in place to prevent the inappropriate use or disclosure of protected health information (PHI). With this in mind, we recently completed a HIPAA Validation Audit performed by a CPA firm that determined we are currently meeting the requirements for Security and Breach Notification Rule Protocols and achieved certification as a HIPAA business associate.
What Is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, lays out the standard for sensitive patient data protection. Like SOC 2 – another certification recently secured to demonstrate StreamSets’ commitment to transparency and security – HIPAA involves physical, network, and process security measures. In HIPAA, these security measures protect companies that deal with protected health information (PHI). Companies that provide treatment, payment, or operations to patients (covered entities) must be HIPAA compliant and obtain certification, as must their business associates.
What Is a HIPAA Business Associate?
According to the US Department of Health & Human Services: “A ‘business associate’ is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity… The Privacy Rule lists some of the functions or activities, as well as the particular services, that make a person or entity a business associate if the activity or service involves the use or disclosure of protected health information.” Business associate functions and activities include data analysis, processing, or administration, and business associate services include data aggregation.
Certification as a HIPAA business associate demonstrates that StreamSets understands HIPAA compliance. Covered entity customers that follow configuration and implementation processes and practices consistent with HIPAA regulations can use StreamSets to help them stream, transform, and process their HIPAA data with confidence.
Why HIPAA Business Associate Certification is a ‘Must-Have’ for Streaming Data
Covered entity customers running PHI through StreamSets data pipelines consider business associate certification a “must-have.” If a pipeline were misconfigured, it is technically possible that someone at StreamSets might come across PHI data. Covered entities must protect their patient data (and business interests), so they need to make sure the vendors they rely on can demonstrate that they handle PHI appropriately.
Dedicated to Security & Customer Success
Though StreamSets products do not directly touch or have access to any patient information, we take security and confidentiality seriously. By investing time and resources in the HIPAA business associate certification process, StreamSets gives our customers and their patients an added safeguard. StreamSets is dedicated to customer success and builds data protection and security into everything we do. We’ll always go the extra mile for data and our customers!