HIPAA Compliance Demonstrates Commitment by Science Exchange to Protection and Privacy of Protected Health Information
PALO ALTO CA, June 7, 2018 – Science Exchange today announced that it is the first R&D outsourcing platform to achieve HIPAA compliance as required by the U.S. Department of Health and Human Services under 45 C.F.R. 164. This achievement demonstrates the company’s commitment to the protection and privacy of Protected Health Information (PHI) as defined by 45 CFR §160.103 and shared by its customers and scientific research providers on the Science Exchange platform.
“Protecting sensitive patient health information is a top priority for our clients and research providers,” said Elizabeth Iorns, Ph.D., co-founder and CEO of Science Exchange. “Achieving HIPAA compliance was a crucial step for Science Exchange, given the increasing portability and complexity of data processed by our software platform.”
HIPAA and HITECH: Noncompliance costing millions
The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act limit the disclosure of patient PHI, including data processed by any provider, technology platform, or other contractor. Since 2010, enforcement of HIPAA and HITECH has increased — with individual fines for noncompliance as high as $2 million. HIPAA compliance helps protect Science Exchange’s clients from these potential consequences.
Science Exchange achieved HIPAA compliance by:
- Establishing Business Associate Agreements for proper use and disclosure of PHI: Business Associate Agreements are required agreements between covered entities and their business associates, such as Science Exchange, whose activities involve access to PHI.
- Implementing administrative, physical and technical safeguards against improper disclosures
- Training every employee on protecting information subject to HIPAA and HIPAA requirements
- Adopting best practices for limiting information use and sharing
Industry leaders in data privacy, security, and quality assurance
In addition to being the only HIPAA-compliant R&D outsourcing platform, Science Exchange is also the only outsourcing platform to have earned EU-U.S. Privacy Shield Framework certification. This certification ensures compliance with the General Data Protection Regulation (GDPR) regulations that went into effect on May 25, 2018, thereby protecting the many R&D organizations that have enterprise-level agreements with Science Exchange. Science Exchange is also SOC 2-compliant and ISO 9001-certified.
Learn more about how Science Exchange protects your data: