The following Modules are required to fulfill HIPAA requirements
- Records Retention - satisfies logging requirement Jive Cloud Records Retention - Jive Module
- Encryption at Rest - satisfies data protection requirement Encryption at Rest - Jive Module
- Enhanced Disaster Recovery - satisfies BIA, BCP, and DR requirements Enhanced Disaster Recovery - Jive Module
1. Records Retention
Jive’s Records Retention Service provides the customer with the customer’s own copy of user activity data that may be retained for longer than Jive’s standard 90 days. The service helps to satisfy the following HIPAA control objectives.
Security Management Process
Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
Retain the documentation required by paragraph (b)(1) of this section for 6 years from the date of its creation or the date when it last was in effect, whichever is later.
2. Encryption at Rest
Jive’s Encryption at Rest Service helps to satisfy the following HIPAA control objective.
Implement a mechanism to encrypt and decrypt electronic protected health information.
3. Enhanced Disaster Recovery
Jive’s Enhanced Disaster Recovery Service provides the customer with a copy of the disaster recovery plan and periodically tests the customer’s instance against the plan. It also guarantees recovery point objective and recovery time objective requirements around the accessibility of their data. The Enhanced Disaster Recovery Service helps to primarily satisfy the following HIPAA control objectives.
Implement procedures for periodic testing and revision of contingency plans.
Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.
Establish (and implement as needed) procedures to restore any loss of data.