The Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) establishes regulations for the use and disclosure of an individual’s Protected Health Information (PHI) held by ‘covered entities’ (typically clearing houses, employer sponsored health plans, health insurers and medical service providers). Such ‘covered entities’ can process PHI through Scrypt’s products and services entirely confident that we can help them meet the HIPAA requirements.
Scrypt may be defined as a ‘Business Associate’ (BA). A BA is a person or organization that performs certain services for a covered entity involving the use and/or disclosure of PHI. When PHI is transferred from one computer to another, HIPAA security measures need to be implemented by the covered entity and BA.
According to the Security Standard Final Rule, a covered entity may permit a BA to create, receive, maintain or transmit ePHI on the covered entities behalf only if the BA obtains satisfactory assurances, in accordance with §164.305(a) that the BA will appropriately safeguard the information.
This information is intended to provide assurance that Scrypt will safeguard all information transferred to and from covered entities while using our products and services. Scrypt has implemented physical, organizational and technical safeguards necessary to protect the confidentiality and integrity of the information being processed.