We’re excited to announce that Rewind now supports HIPAA-compliant data backups, helping you safeguard your Protected Health Information (PHI) with confidence.
Covered in this article:
- Why is HIPAA Compliance Important?
- Supported Integrations
- Getting Started With Rewind’s HIPAA Compliance
- How We Protect Your PHI
- Frequently Asked Questions
- Next Steps and Additional Resources
Why is HIPAA Compliance Important?
HIPAA (Health Insurance Portability and Accountability Act) is a U.S. law designed to safeguard individuals’ health information. Any company handling PHI (Protected Health Information) must follow strict rules to maintain privacy and security.
By using Rewind’s HIPAA-compliant backups, you can rest assured that we take the proper steps to help you protect this sensitive information.
Supported Integrations
Below are the integrations that are currently supported by Rewind's HIPAA-compliant data backups:
- Confluence
- Jira
- Jira Service Management
- Azure DevOps
- Okta
- Microsoft Entra ID
Getting Started With Rewind’s HIPAA Compliance
1. Contact us and sign a Business Associate Agreement (BAA)
Under HIPAA, companies that handle PHI must have a Business Associate Agreement (BAA) in place with any vendor processing or storing that PHI. To complete this:
- Reach out to Rewind Sales or Support and let us know you need HIPAA-compliant backups.
- We’ll guide you through signing the BAA, which outlines our shared responsibility for protecting PHI.
2. Complete the Rewind HIPAA Compliance Checklist
Once you’re ready to proceed, we’ll provide a HIPAA Configuration Guide. Following these guidelines will help ensure your Rewind backups meet HIPAA standards. This document covers:
- Platform-specific configurations (e.g., ensuring PHI isn’t stored in attachment filenames).
- Instructions on securely setting up each integration.
3. Configure your integration
After the checklist is complete, configure your chosen platform(s) with Rewind according to the recommended settings. From there, you’ll be all set to leverage HIPAA-compliant backups!
How We Protect Your PHI
- Encryption: We encrypt data both at rest and in transit, ensuring it stays secure.
- Access Controls: Only authorized Rewind team members have access to your data, and they undergo HIPAA-focused training.
- Monitoring & Logging: We use continuous security monitoring, audit logging, and intrusion detection systems.
- Strict Vendor Management: Any of our vendors with potential access to PHI also sign BAAs with us, ensuring they meet HIPAA standards.
- Incident Response: In the unlikely event of a data breach, we’ll quickly notify affected customers and provide the details needed to assess impact.
Frequently Asked Questions
Below are some of the most common questions we receive about HIPAA compliance. If you have a question that’s not addressed here, please reach out to us.
What is HIPAA, and what does it cover?
HIPAA is a federal law in the U.S. that focuses on safeguarding PHI. This includes any information about a person’s health status, treatment, or payment that could potentially identify them.
Is Rewind automatically HIPAA-compliant for every customer?
No. While Rewind supports HIPAA compliance, it’s only applicable once you’ve signed our Business Associate Agreement (BAA) and followed our HIPAA Configuration Guide. This provides configuration requirements—like avoiding PHI in filenames—and ensures the product is used in a HIPAA-compliant manner.
Do I need a paid subscription for HIPAA-compliant backups?
Not necessarily. If you plan to use real PHI (Protected Health Information) during a trial, we can provide a Business Associate Agreement (BAA) to ensure your data is handled in a HIPAA-compliant manner. However, many customers choose to use anonymized or de-identified test data during trials. If you need to evaluate Rewind with live PHI, please reach out to us first so we can help you sign a BAA and properly configure the solution for HIPAA compliance.
Is Rewind “HIPAA Certified”?
Currently, there is no official HIPAA certification from the U.S. government. Rewind’s security and privacy teams regularly review our policies and safeguards to ensure we maintain compliance with HIPAA, as well as other data protection laws like GDPR, CCPA, and PIPEDA. We also maintain SOC 2 Type II certification for ongoing security audits.
How often does Rewind review HIPAA compliance?
Our continuous compliance process includes regular risk assessments, system audits, and policy updates to align with evolving regulations and technologies.
What if I only store limited PHI (or mostly de-identified data)?
Even if you store minimal PHI, you must still meet HIPAA requirements if your organization or your customers are subject to HIPAA. Rewind can accommodate organizations that only occasionally handle PHI and those that manage large volumes of PHI.
What if I want to test new features that might involve PHI?
We strongly encourage using anonymized or de-identified data when testing new features or workflows in a non-production environment. This approach aligns with HIPAA’s minimum necessary rule and reduces risk.
Do you share PHI with partners or vendors?
Yes, but only under strict BAAs. If our partners or subcontractors need access to PHI, they must also sign a BAA, ensuring they meet HIPAA standards.
How does Rewind handle a potential data breach?
If Rewind becomes aware of a data breach that affects your organization’s PHI, we’ll promptly notify you and provide thorough information about the incident, including steps to help you assess any possible impact.
Is there anything else I need to do for compliance?
Yes. While Rewind can help secure your backups, HIPAA requires a comprehensive approach. To ensure full compliance, you should maintain internal policies, employee training, and other technical controls. Rewind’s HIPAA Configuration Guide provides guidance on how to configure your backups responsibly, but it doesn’t replace your own compliance responsibilities.
Next Steps and Additional Resources
- Rewind HIPAA Configuration Guide
- Need more help? Contact our Support team or reach out via support@rewind.com.
We’re here to make sure your data is backed up safely and in compliance with HIPAA regulations. If you have questions, feel free to get in touch!