Bugfender implements the technical and organizational safeguards that are necessary for HIPAA compliance.

Here are some highlights of what Bugfender does to help with HIPAA compliance:

  • Access control: we provide a way to securely identify each individual user, be it by logging in with e-mail and password or by using a third party service designated during installation, like your organization's SSO service. Mobile applications that send data to Bugfender are identified with a key.

  • ePHI authentication: all communication between identified mobile clients or end users and our servers is protected by TLS, which provides server identification, encryption and data integrity protection.

  • Encryption: all ingoing and outgoing communications communications from Bugfender are encrypted with TLS, SSH or an equivalently strong algorithm.

  • Audit controls: Bugfender provides detailed logging of all operations, with sufficient detail to audit accesses to ePHI.

  • Automatic logoff: Bugfender logs users automatically off after a definable period of time.

In order to use Bugfender SaaS under HIPAA, please contact us. You will need:

  • An instance of Bugfender especially configured for HIPAA compliance. These types of instances are available for Premium plans.

  • A Business Associate Agreement, that we can provide and sign.

Please note the self-service edition of Bugfender, as is, is not suitable for handling data under HIPAA protection. You must have a BAA signed with us and a special configuration in order to be compliant.

If you prefer to self-host, Bugfender On-Premises edition can also be used for HIPAA workloads. No Business Associate Agreement is needed in this case, since we will not have access to your data. We will be happy to provide any assistance you need with the configuration parameters of your instance.

If you have questions or are interested in using Bugfender for handling data under HIPAA protection please contact us.

See also:

Did this answer your question?