HIPAA Compliance

Version 2

    The following Modules are required to fulfill HIPAA requirements

     

     

    1.    Records Retention

    Jive’s Records Retention Service provides the customer with the customer’s own copy of user activity data that may be retained for longer than Jive’s standard 90 days.  The service helps to satisfy the following HIPAA control objectives.

     

    Security Management Process

    §164.308(a)(1)(ii)(d)

    Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.

     

    Audit Controls

    §164.312(b)

    Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

     

    Document Retention

    §164.316(b)(2)(i)

    Retain the documentation required by paragraph (b)(1) of this section for 6 years from the date of its creation or the date when it last was in effect, whichever is later.

     

     

    2.    Encryption at Rest

    Jive’s Encryption at Rest Service helps to satisfy the following HIPAA control objective.

     

    Access Control

        §164.312(a)(1)

        Implement a mechanism to encrypt and decrypt electronic protected health information.

     

     

    3.    Enhanced Disaster Recovery

    Jive’s Enhanced Disaster Recovery Service provides the customer with a copy of the disaster recovery plan and periodically tests the customer’s instance against the plan.  It also guarantees recovery point objective and recovery time objective requirements around the accessibility of their data.  The Enhanced Disaster Recovery Service helps to primarily satisfy the following HIPAA control objectives.

     

    Contingency Plan

    §164.308(a)(7)(ii)(d)

    Implement procedures for periodic testing and revision of contingency plans.

     

    §164.308(a)(7)(ii)(a)

    Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.

     

    §164.308(a)(7)(ii)(b)

    Establish (and implement as needed) procedures to restore any loss of data.