Privacy and security protection
Condens provides comprehensive privacy and security protections that enable you to operate our software in compliance with HIPAA. These include:
assigned security team responsible for maintaining compliance with HIPAA requirements
security measures to protect PHI - more on this on our Security page
security audits performed by independent third-parties
policies that govern the appropriate handling of PHI and cases relating to HIPAA including a Breach Notification Policy, a Business Associate Policy and a Privacy, Use, and Disclosure Policy all of which are reviewed annually
an internal control system to ensure the proper implementation and monitoring of legal specifications and policies
regular risk assessments of systems to ensure that safeguards remain relevant and effective
annual security awareness training and HIPAA training for employees who come into contact with customer PHI
Signing a Business Associate Agreement (BAA)
Before you enter PHI to Condens you need to sign a BAA with us. Here is how to do that.
Step 1: Decide for a plan
You can sign a BAA with Condens if you go with our Company or Enterprise plan (see details on plans here). If you go with our Company plan, our standard BAA to which we can't make any changes. If you go with our Enterprise plan, we can consider changes to our standard BAA or use your BAA as a basis.
Step 2: Request our BAA or send your BAA
Reach out to email@example.com to request our BAA or - only if you go with the Enterprise plan - send your BAA for us to review.
Step 3: Follow usage requirements
Make sure everyone at your organization using Condens knows and follows the usage requirements listed below.
Condens has defined HIPAA usage requirements that each customer needs to follow in order to use Condens in a HIPAA compliant way. We want to stress that it's your responsibility to ensure you’re using Condens in a HIPAA-compliant way. We can't take responsibility for any unauthorized access to your PHI, that results from your failure to comply with these usage requirements.
It’s also your obligation to ensure all third party applications integrated with Condens are operated in a HIPAA-compliant way. The BAA that you sign with us only covers Condens and the subcontractors used by us.
You need to use Condens in line with the following requirements:
Do not share data containing PHI via a public link (more on this here). Instead, invite stakeholders to your account to make data accessible.
Do not enter PHI via the Give Feedback button
Do not enter PHI in comments or replies to comments
Do not send PHI to Condens via email or share PHI in a (video) call with a Condens employee
If you download data to your computer, please ensure that those downloaded files are handled appropriately since they may contain PHI. We suggest that you secure those files by encrypting them and only transfer using an encrypted connection.
Due to the changes in law or regulation or changes in Condens Software, we may update or revise this page from time to time. If you signed a BAA with us we will update you of relevant changes to this page. This page does not constitute an exhaustive template for all controls over PHI nor does it constitute legal advice.