Bugfender On-premises edition can be used in a HIPAA setting, since we do not have access to your data. This version includes the technical safeguards that are necessary for HIPAA compliance:
- Access control: we provide a way to securely identify each individual user, be it by logging in with e-mail and password or by using a third party service designated during installation, like your organization's SSO service. Mobile applications that send data to Bugfender are identified with a key.
- ePHI authentication: all communication between identified mobile clients or end users and our servers is protected by TLS, which provides server identification, encryption and data integrity protection.
- Encryption: all ingoing and outgoing communications communications from Bugfender are encrypted with TLS, SSH or an equivalently strong algorithm.
- Audit controls: Bugfender provides detailed logging of all operations, with sufficient detail to audit accesses to ePHI.
- Automatic logoff: Bugfender logs users automatically off after a definable period of time.
If you have questions or are interested in using Bugfender for handling data under HIPAA protection please contact us.
Please bear in mind the self-service edition of Bugfender is not suitable for handling data under HIPAA protection at the moment. We are working on improving our policies and procedures to qualify as Business Associate. If you wish to use Bugfender self-service please contact us anyway.