Global communications company Infobip successfully obtained a dedicated HIPAA attestation report on 30 September 2021, representing an important milestone in demonstrating the maturity of the company’s data privacy and security program, which meets the needs of customers subject to HIPAA.
The examination was performed by an independent service auditor according to the SSAE 18 standard, and the testing procedures followed the audit protocol established by the Office for Civil Rights (OCR). The attestation examination focused on the HIPAA Security Rule and the HITECH Breach Notification Rule requirements and covered Infobip’s SMS services.
HIPAA – or Health Insurance Portability and Accountability Act – is a United States law enacted in 1996 to ensure increased portability of health insurance for workers and to streamline the management of healthcare information. Today, it is mostly known as a law that governs the privacy and security of Protected Health Information (PHI).
HIPAA covers any organizations that meet the definition of covered entities or business associates. Infobip considers compliance with HIPAA a shared responsibility between Infobip and the customer. For customers that are subject to HIPAA, Infobip will sign a business associate agreement (BAA) for eligible services. Infobip’s BAA has been developed taking into account the specific products and services that Infobip offers.
Aurora Volarović, VP Public Affairs at Infobip, said: “The importance of the healthcare industry to a society’s wellbeing cannot be overstated. Numerous studies have shown that better communication with patients can significantly improve patient outcomes. Infobip feels it has a duty to be part of a solution that helps improve people’s lives. Our whole business ethos revolves around creating seamless trusted connections between people and the businesses that deliver services to them.”
The examination serves as a way for organizations to show they have had a third party review their HIPAA policies, procedures, and controls and assess them for conformance against the HIPAA Security and HITECH Breach Notification Rule requirements.
In addition to Infobip’s ISO 27001, 27017, and 27018 certificates and a SOC2 Type I compliance report, the examination may provide further peace of mind for customers that Infobip Ltd will appropriately safeguard protected health information.