HIPAA compliance

Bugfender can be used for HIPAA-compliant workloads. Here is how.

Written by Jordi Giménez
Updated over a week ago

Bugfender implements the technical and organizational safeguards that are necessary for HIPAA compliance.

Here are some highlights of what Bugfender does to help with HIPAA compliance:

  • Access control: we provide a way to securely identify each individual user, be it by logging in with e-mail and password or by using a third party service designated during installation, like your organization's SSO service. Mobile applications that send data to Bugfender are identified with a key.

  • ePHI authentication: all communication between identified mobile clients or end users and our servers is protected by TLS, which provides server identification, encryption and data integrity protection.

  • Encryption: all communications to and from Bugfender are encrypted with TLS, SSH or an equivalently strong algorithm.

  • Audit controls: Bugfender provides detailed logging of all operations, with sufficient detail to audit accesses to ePHI.

  • Automatic logoff: Bugfender automatically logs users off after a configurable period of time.

Bugfender SaaS

In order to use Bugfender SaaS under HIPAA, please contact us. You will need an instance of Bugfender specially configured for HIPAA compliance.

Here are the main differences from the generally available Bugfender SaaS:

  • We will sign a BAA with you.

  • Your Bugfender account will run under a dedicated instance with a special configuration, like session expiration after 8 hours and no analytics collection.

  • Hosting, emailing and backups will be provided using Amazon Web Services in the us-west-1 and us-east-1 regions.

  • Customer support will be provided directly by the customer success representative of the account instead of relying on external customer support tools.

  • System administration will be performed by a specialized team.

Please note the self-service edition is not suitable for handling data under HIPAA protection.

Bugfender On-Premises

If you prefer to self-host, Bugfender On-Premises edition can also be used for HIPAA workloads. No Business Associate Agreement is needed in this case since we cannot access your data. We will be happy to provide any assistance you need with the configuration parameters of your instance.

If you have questions or are interested in using Bugfender for handling data under HIPAA protection, please contact us.
