MyBodySite, LLC HIPAA Compliance Statement

MyBodySite, LLC (BodySite) is committed to and has implemented many safeguards to ensure its devices, services, websites and data systems (collectively “Products”) are compliant with the regulations and conditions set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This Statement is not intended to take the place of a Business Associate Agreement, which is to be signed upon becoming a client of BodySite.

BodySite is committed to continuous improvement to ensure BodySite Products incorporate state-of-the-art information technology privacy and security measures. We are committed to keeping all PHI (Protected Health Information) that is entrusted to us private and secure. We have instituted policies and procedures to ensure this data is kept confidential.

As a “Business Associate” per the definition in HIPAA, and by assignment of the HIPAA covered entity, BodySite is subject to the following controls:

Administrative Safeguards (HIPAA 164.308)

BodySite has implemented formal practices to ensure appropriate assignment of data access permissions and proper movement and handling of that data. All BodySite staff are trained on the HIPAA policies.

Physical Safeguards (HIPAA 164.310)

BodySite and its data center are physically secure. Access to the building and offices is controlled via a private access code for entry. All devices and computers in the office are secured via unique passwords for every staff member. BodySite’s primary physical safeguard is to not retain sensitive data in any public or private BodySite location other than those assigned for database management.

Technical Safeguards (HIPAA 164.312)

Our hosting server company complies with the HIPAA Security Rule and HITECH Act, having implemented the standards published by the OCR in the HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework. The server has been tested and certified by security professionals from Kaiser Permanente, Morgan Stanley, and various HIPAA-focused consulting groups. Our hosting server has passed multiple penetration tests conducted by independent firms on behalf of its customers, and these tests continue frequently. The server is audited on a quarterly basis by independent security teams associated with its customers. In addition, our hosting server conducts an annual risk assessment as required by HIPAA.

The platform relies heavily on Amazon Web Services (AWS), leveraging its hardware and myriad services in a complex orchestration that provides stability for you and 24/7 monitoring by us. This security leader in the Cloud infrastructure space is compliant with dozens of certifications and audits, and your data is safeguarded by NIST standards and CIS benchmarks.

We are committed to keeping all PHI and sensitive information secure and to keeping our systems and procedures up to date and in compliance with all related regulations. For further information, refer to our Privacy Policy or contact us at info@bodysite.com.