Yes, Raven takes all steps to ensure that Protected Health Information (PHI), such as patient medical records and other confidential patient information, is handled securely and confidentially. Raven has achieved HIPAA compliance verification by an independent third-party agency, HIPAA Secure Now.
Below are some of the many steps Raven takes to ensure privacy and security of PHI:
- Two-factor authentication (2FA) is available to Raven Customers, requiring additional two-step verification by SMS, Phone or Authenticator App during login.
- Secure Sockets Layer (SSL) / Transport Layer Security (TLS) are used to protect data in transit between Raven applications and with third parties.
- Data for file storage is split into chunks, and each chunk is encrypted with a unique data encryption key. Each chunk is distributed across our storage systems and replicated in encrypted form for backup and disaster recovery.
- Data centers for document storage include state of the art layered security including electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. Data center floors are protected by laser beam intrusion detection, and are monitored 24/7 by high resolution cameras and AI-detection for intruders.
- OAuth authorization protocol is used when connecting to third party cloud services, providing secure delegated access to send documents to your preferred cloud service.
Raven will sign business associate agreements (BAAs) with Raven Cloud and Raven Scanner customers who require them in order to comply with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).
At this time, there is no cost for executing a BAA, although BAA's will only be signed with accounts qualifying as Covered Entities defined under HIPAA or HITECH, and a Raven account must exist for that Covered Entity.
To request a BAA, or for additional questions about HIPAA compliance, feel free to contact us at firstname.lastname@example.org.