Lindy is HIPAA compliant.
In this article, you'll learn about the essentials of the Health Insurance Portability and Accountability Act (HIPAA), and how Lindy achieves compliance with its stipulations. We will:
Review HIPAA privacy rules and regulations that apply in the U.S.
Look at two specific HIPAA provisions - the Privacy Rule and the Security Rule
Privacy Regulations in the United States
The U.S. approaches privacy through a combination of various federal and state laws, rather than a unified set of regulations. These laws target specific types of sensitive and potentially identifying information. Additionally, numerous regulatory bodies provide guidelines that, while not legally binding, are regarded as best practices in the realm of privacy.
Organizations in the U.S. that handle Personal Health Information (PHI), particularly in electronic form, must comply with HIPAA. Lindy was designed and built from the ground up to comply with HIPAA provisions.
The HIPAA Privacy Rule
The Privacy Rule within HIPAA specifies what constitutes Personal Health Information (PHI) in the U.S., establishes privacy standards, and controls the overall handling and disclosure of PHI, regardless of its form. The definition encompasses a wide array of information types commonly encountered in health clinics, such as:
Identifiable names and dates linked or potentially linked to individuals
Contact details like phone numbers, email addresses, fax numbers
Unique identifiers such as social security, medical record numbers, health insurance plan numbers, and other account details
Driver’s license numbers or vehicle identifiers like serial numbers
Digital identifiers, for instance: IP addresses, web URLs, device IDs, and serial numbers
Biometric data, including retinal scans, fingerprints, etc.
Photographs showing the full face or similar images
Geographical information more specific than a state level, such as city data
In essence, any distinct identifying number, characteristic, code, or other data must be managed, stored, utilized, disclosed, or otherwise processed in compliance with HIPAA’s privacy guidelines.
The HIPAA Security Rule
The HIPAA Security Rule specifically addresses the protection of electronic Protected Health Information (ePHI). HIPAA specifies three categories of safeguards critical to ePHI security:
1. Administrative Safeguards
These are policies and procedures designed to clearly show how the covered entity will comply with the act. This includes the assignment of a security official, risk analysis, risk management policies, training programs, and evaluation processes.
Lindy's Administrative Safeguards. Lindy employees go through recurrent confidentiality training programs, are restricted in what medical information they have access to, and sign a strict confidentiality agreement, demonstrating they understand the confidential nature of medical data.
2. Physical Safeguards
These involve physical measures, policies, and procedures to protect electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion. This includes access controls, workstation use and security, and device and media controls.
Lindy's Physical Safeguards. Lindy is hosted on secure data centers utilizing state-of-the-art physical and digital access controls. For more technical detail on our cloud provider's approach to security, we recommend this guide.
3. Technical Safeguards
These are automated processes used to protect data and control access to data. They include access control to allow only authorized personnel to access PHI, audit controls to record activity on hardware and software, integrity controls, and transmission security to protect ePHI while it's being transmitted electronically.
Lindy's Technical Safeguards. The technical team at Lindy considers privacy and security in every aspect of developing our applications. This includes, for example, state-of-the-art encryption for any information sent from your browser to Lindy's servers, as well as any information that is at rest in Lindy's servers. In addition, all employees at Lindy have individual accounts with limited technical access, and all data and service access is automatically monitored.
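To make the Security Rule's technical safeguard categories concrete, here is an added example (not Lindy's code, and not a description of how Lindy's systems are built) showing three of them in one small Python module: role-based access control that enforces minimum-necessary access to PHI, an audit control that records every allowed and denied access in a hash-chained log so earlier entries cannot be silently edited, and an integrity control that tags each stored record with an HMAC so undetected modification at rest is caught on read. The roles, the patient identifiers, the diagnosis codes and the key are all constructed for the demonstration; a real deployment would load the key from a secrets manager. Transmission security (TLS between browser and server) is the fourth safeguard and is not shown here.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key for the integrity tags. Assumption: a real system fetches
# this from a secrets manager / KMS rather than hard-coding it.
INTEGRITY_KEY = b"constructed-demo-key-not-for-production"

# Role -> permitted actions (assumed roles for the demo). Support staff get no
# PHI access at all, modelling HIPAA's "minimum necessary" principle.
ROLE_PERMISSIONS = {
    "clinician": {"read_phi", "write_phi"},
    "billing": {"read_phi"},
    "support": set(),
}


class IntegrityError(Exception):
    """Raised when a stored record's HMAC tag no longer matches its content."""


def _canonical(obj) -> bytes:
    # Stable serialisation so identical content always produces identical bytes
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def seal(record: dict) -> dict:
    """Integrity control: attach an HMAC-SHA256 tag to a record before storing it."""
    tag = hmac.new(INTEGRITY_KEY, _canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify_seal(sealed: dict) -> bool:
    expected = hmac.new(INTEGRITY_KEY, _canonical(sealed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


class AuditLog:
    """Audit control: append-only log where each entry commits to the previous
    entry's hash, so editing or dropping an earlier entry breaks verification."""

    def __init__(self):
        self.entries = []          # list of (entry_dict, entry_hash)
        self.last_hash = "0" * 64  # genesis value for the chain

    def append(self, actor: str, action: str, patient_id: str, outcome: str) -> str:
        entry = {"ts": time.time(), "actor": actor, "action": action,
                 "patient_id": patient_id, "outcome": outcome, "prev": self.last_hash}
        entry_hash = hashlib.sha256(_canonical(entry)).hexdigest()
        self.entries.append((entry, entry_hash))
        self.last_hash = entry_hash
        return entry_hash

    def verify_chain(self) -> bool:
        prev = "0" * 64
        for entry, stored_hash in self.entries:
            if entry["prev"] != prev or hashlib.sha256(_canonical(entry)).hexdigest() != stored_hash:
                return False
            prev = stored_hash
        return prev == self.last_hash


class PHIStore:
    """Access control: every read or write of PHI is authorised by role and audited,
    whether it succeeds, is denied, or fails an integrity check."""

    def __init__(self, audit: AuditLog):
        self._records = {}  # patient_id -> sealed record
        self.audit = audit

    def _authorize(self, actor: str, role: str, action: str, patient_id: str) -> None:
        if action not in ROLE_PERMISSIONS.get(role, set()):
            self.audit.append(actor, action, patient_id, "denied")
            raise PermissionError(f"{actor} ({role}) may not {action}")

    def put(self, actor: str, role: str, patient_id: str, record: dict) -> None:
        self._authorize(actor, role, "write_phi", patient_id)
        self._records[patient_id] = seal(dict(record))
        self.audit.append(actor, "write_phi", patient_id, "allowed")

    def get(self, actor: str, role: str, patient_id: str) -> dict:
        self._authorize(actor, role, "read_phi", patient_id)
        sealed = self._records[patient_id]
        if not verify_seal(sealed):
            self.audit.append(actor, "read_phi", patient_id, "integrity_failure")
            raise IntegrityError(f"record for {patient_id} has been altered")
        self.audit.append(actor, "read_phi", patient_id, "allowed")
        return dict(sealed["record"])  # copy, so callers cannot mutate the sealed copy


if __name__ == "__main__":
    # Constructed sample data for the walkthrough
    store = PHIStore(AuditLog())
    store.put("dr_rivera", "clinician", "P001", {"name": "A. Example", "dx": "J06.9"})
    print(store.get("dr_rivera", "clinician", "P001"))
    try:
        store.get("helpdesk_1", "support", "P001")
    except PermissionError as exc:
        print("denied:", exc)
    print("audit chain intact:", store.audit.verify_chain())
    for entry, _ in store.audit.entries:
        print(entry["actor"], entry["action"], entry["outcome"])
```

Two design points worth noting: the denied access is logged before the exception is raised, because an audit trail that records only successes is of little use in an incident investigation; and the integrity tag is keyed (an HMAC rather than a plain hash), so an attacker who can rewrite a record in storage cannot simply recompute the tag to match.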
You can learn more about Lindy's commitment to HIPAA compliance, as well as other privacy and security legislation and standards, in our interactive Trust Center.