Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
How Nynja Supports the Standard
Platform connections are logged for audio and quality-of-service purposes.
Account admins have secured access for individual, group, or organization-level management.
Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to authorized persons or software programs.
Unique User Identification: Assign a unique name and/or number for identifying and tracking user identity.
Emergency Access Procedure: Establish (and implement as needed) procedures for obtaining necessary electronic health information during an emergency.
Automatic Logoff: Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
Encryption and Decryption: Implement a mechanism to encrypt and decrypt electronic protected health information.
How Nynja Supports the Standard
Data in transit is encrypted at the application layer using Advanced Encryption Standard (AES 256).
Web and application access are protected by verified email address and password.
Meetings are not listed publicly by Nynja.
Nynja is built on a microservices architecture to offer a high level of redundancy and availability.
Meeting hosts and group admins can easily remove attendees or terminate meetings.
Nynja is HIPAA and SOC 2 compliant. Nynja uses a Qualified Security Assessor Company (QSAC), accredited ISO 27001, ISO 27701 and ISO 22301 certification body, certified HITRUST Assessor firm, and accredited FedRAMP 3PAO.
Currently, the agencies that certify health technology, the Office of the National Coordinator for Health Information Technology and the National Institute of Standards and Technology, do “not assume the task of certifying software and off-the-shelf products” (p. 8352 of the Security Rule), nor accredit independent agencies to do HIPAA certifications. Additionally, the HITECH Act only provides for testing and certification of Electronic Health Records (EHR) programs and modules. Thus, as Nynja is not an EHR software or module, our type of technology is not certifiable by these unregulated agencies.
However, the following list demonstrates how Nynja supports HIPAA compliance based on the HIPAA Security Rule published in the Federal Register on February 20, 2003 (45 CFR Parts 160, 162, and 164 Health Insurance Reform: Security Standards; Final Rule).
SOC 2
More formally known as Service Organization Control 2, SOC 2 reports on various organizational controls related to security, availability, processing integrity, confidentiality, or privacy. The standard for regulating these five issues was formed under the AICPA Trust Services Principles and Criteria.
The purpose of this document is to understand how Nynja supports the goals of HIPAA and SOC 2 compliance.