SECURITY AND COMPLIANCE
Security and compliance are baked right in
Security & Compliance
Compliance is a part of everything we do at STRAND. All technology solutions, business processes, development are designed and built with security and compliance as a major focus.
All of the STRAND data architecture and components are deployed within a HIPAA compliant and HITRUST certified data center. STRAND is developed and designed with security and compliance at the core of every system. All of our data systems are held higher than the HIPAA standard and we include active security monitoring to ensure data is secure at all times.
All data at rest and in transit is encrypted end to end, allowing for peace of mind when managing your clinical data with STRAND.
We are HIPAA Compliant
As a business associate under HIPAA, STRAND has performed self-assessments to ensure HIPAA compliance. We have a complete security policy based on guidance from NIST 800-53 and maintain active business associate agreements (BAAs) with all partners for performing HIPAA compliant functions as well as handling other personal health information as needed.
Our Data Centers are HITRUST Certified
The Health Information Trust Alliance (HITRUST) has developed the HITRUST CSF, a certifiable framework that provides organizations with the needed structure, detail and clarity relating to information security tailored to the healthcare industry. HITRUST, with input from leading organizations within the industry, identified a subet of the HITRUST CSF control requirements that an organization must meet to be HITRUST CSF Certified.