Home Offsite Backup Regulatory Compliance
Article Index
Regulatory Compliance
All Pages

Regulatory Compliance

Information about regulatory compliance as it relates to HIPPA, SEC/NASD, Sarbarnes-Oxley, and Graham-Leach-Bliley can be found below.

Health Insurance Portability and Accountability Act (HIPAA)

Requirement: Electronic personal health information (ePHI) must be protected against any reasonably anticipated threats or hazards.

Rentavault: The data is housed in two separate Tier One data centers. Both the primary center and the secondary remote center are heavily secured. Redundant fail-safe systems protect the data in every step of the backup and storage process.

Requirement: Access to ePHI must be protected against any reasonably anticipated uses or disclosures that are not permitted or required by the Privacy Rule.

Rentavault: The data is encrypted before transmission and is always maintained in encrypted state. Access is restricted by password authentication.

Requirement: Maintenance of record of access authorizations.

Rentavault: Access to data is date and time-stamped by user, providing a clear audit trail.

Requirement: If the data is processed through a third party (Rentavault Inc.), entities are required to enter into a chain of trust partner agreement.

Rentavault: Rentavault Inc. enters into a Business Associate Agreement with client, in which the parties agree to electronically exchange data and to protect the transmitted data. The Agreement states that the receiver of data (Rentavault Inc.) is required to maintain the integrity and confidentiality of the transmitted information.