It’s a big, scary digital world out there, and attacks on your data can come from just about anywhere. Some businesses (those that deal with sensitive healthcare data or payment card information) may have more to worry about, but any business that handles data needs to make sure they’re doing it in a responsible, secure way.
When you invest in any form solution, you’re trusting that the company helping you collect data and transfer it from one place to another has done its own research and is just as concerned about the correct collection and processing of data as you are. In case you’re not sure what to look for in a new form solution, here are some top certifications and abilities that it should have.
1. HIPAA Compliance
HIPAA violation fines can be costly and damaging to healthcare organizations and businesses that handle PHI (Protected Health Information). Settlements for HIPAA violations can cost companies millions of dollars and can happen because of data breaches, lost or stolen equipment, and even unintentional employee mistakes.
These are serious consequences, both monetary and otherwise, even for large organizations. There is also the patient distrust that follows a breach, even if there was no malicious intent on the part of the hospital or other healthcare organization involved.
At FormAssembly, we understand the burden our healthcare clients deal with regarding the protection of sensitive information. Earlier this year, we attained HIPAA compliance, which helps keep PHI safe. Here are the benefits to healthcare organizations from our HIPAA Compliance (which is included in our Compliance Cloud offering):
- Compliance You Can Trust: We underwent a GAP assessment, in addition to further auditing by Coalfire to be able to prove our HIPAA compliance.
- Sophisticated Encryption Best Practices: Data flagged as sensitive is encrypted with private keys generated specifically for the associated user.
- Customizable, Flexible Password Protection: Our Compliance Cloud allows you to control password administration, requirements, and restrictions.
- Flexible Storage Solutions: We offer the Compliance Cloud for our advanced customer needs.
- First-Class Priority: With the attentive service provided to Enterprise users, you won’t have to wonder if FormAssembly was worth the investment.
2. PCI DSS Level 1 Certification
There are lots of reasons you might use forms to collect payment information. Donation forms, payable invoices, order forms, and event signup forms are just a few examples. With any of these examples, it’s important to be cognizant of PCI compliance, which affects anyone who collects payment information.
To ensure that no credit card information is unnecessarily stored in FormAssembly, we require the use of one of our approved payment connectors for any FormAssembly forms that collect payment information. We also recently attained PCI DSS Level 1 Certification for our Enterprise-Level Compliance Cloud offering.
Over a period of more than a year, we worked with Coalfire, a third-party auditor and compliance assessor, to make the procedural changes and updates needed to obtain Level 1 certification.
3. EU-U.S. Privacy Shield Compliance
If you’re a European business, there are other certifications that are important for your form solution to have. We recently achieved compliance with the requirements of the EU-U.S. Privacy Shield.
In the wake of the invalidation of the Safe Harbor Framework, the EU-U.S. Privacy Shield was adopted. The EU-U.S. Privacy Shield concerns data governance between the EU and the U.S., and aims for greater transparency for the data of European citizens as well as stricter measures for U.S. companies.
- A greater responsibility for U.S. companies to securely handle data
- Safeguards and transparency regarding government data access
- Increased protection of European individual rights
- An annual review mechanism for companies to prove they meet EU-U.S. Privacy Shield requirements
- Redress options for European individuals in the event of complaints
Is your form builder secure and reliable? Are you sure? In this day and age, there’s no room for complacency or carelessness around data security and privacy. We take data of any sensitivity level very seriously and do our part to help you protect it. Learn more about our features and integrations and sign up for a free two-week trial today.