HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US Federal legislation that provides data privacy and security provisions for safeguarding medical information. HIPAA includes provisions to protect the security and privacy of protected health information (PHI). PHI includes a very wide set of personally identifiable health and health-related data, including insurance and billing information, diagnosis data, clinical care data, and lab results such as images and test results. 

HIPAA was expanded in 2009 by the Health Information Technology for Economic and Clinical Health (HITECH) Act. HIPAA and HITECH establish a set of federal standards intended to protect the security and privacy of PHI. 

Simana is not HIPAA compliant, but it doesn't need to be. 

Simana is not intended for PHI. There is no need to enter patient identifiable data in the kinds of projects that are being run on Simana as the data being recorded are generally aggregated across a given population. Our User Terms of Use state that users should not enter PHI . 

That said, we take security extremely seriously and there is a robust security setup in place. We use Amazon Web Services as our hosting partner. Further details of the compliance programs in place can be found here: AWS compliance. 

You can read more about our own security policies and procedures here.