RumbleTalk HIPAA Overview

LAST UPDATED: Mar 8th, 2024

HIPAA info

HIPAA stands for, Health Insurance Portability and Accountability. It is a U.S. federal law that requires privacy and security protections for protected health information (PHI). If you’re a covered entity or business associate subject to HIPAA, RumbleTalk can be configured to support PHI within uploaded files and message content.

Rumbletalk is committed to and has implemented many safeguards to ensure its devices, services, websites, and data systems (collectively “Products”) are compliant with the regulations and conditions outlined in the Health Insurance Portability and Availability Act. and GDPR regulations. In order to establish and ensure ongoing compliance Rumbletalk is subjected to third parity independent audits, onboard training process, annual review of Security Policies and ongoing maintenance of regulations. With transparency as our corporate value, you may contact us for more information.

Please review and agree to implement the guidelines in our Requirements for HIPAA Entities. This is an essential step before RumbleTalk can support your HIPAA compliance, Please see below:

  • RumbleTalk does not maintain the designated record set and should not be the system of record for your health information.
  • RumbleTalk does not have a business associate agreement with any third-party application providers, so you are responsible for determining whether an agreement is necessary with an application provider before enabling.
  • You must be using the RumbleTalk Enterprise plan
  • You may not use RumbleTalk to communicate with patients, plan members, or their families or employers.
  • You must execute a Business Associate Agreement
  • Excluding messages and files, members of your organization may not include PHI when using other RumbleTalk features.
  • You are responsible for using RumbleTalk APIs to implement tools and processes for monitoring your members’ use of RumbleTalk. We recommend setting up an external Data Loss Prevention (DLP) provider to enforce message and file restrictions and exports.