Boostlingo worries about data security and privacy compliance so that you don’t have to.
The implications of regulatory non-compliance for language service organizations, healthcare providers, telehealth platforms and effectively any business that delivers interpretation services are both substantial and far-reaching. We know that the costs of regulatory non-compliance are not inconsequential and that compliance is a constant concern for your organization.
Boostlingo maintains a focus on all relevant domestic and international regulatory changes and updates, keeping a pulse on the ongoing challenges emerging from new and pending data privacy legislation.
At Boostlingo we take the threat of regulatory action, and any subsequent disruption to your business processes and business continuity, very seriously. We therefore constantly strive to tighten controls for handling and processing any information that crosses national boundaries or, where data sovereignty requirements apply, information that cannot cross national boundaries.
Through HIPAA (the Health Insurance Portability and Accountability Act), the United States provides privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals and other health care providers.
HIPAA compliance is in effect at Boostlingo and requires a number of things:
Security Incidents – Boostlingo will track unauthorized access attempts in an effort to reduce risk and exposure to threats from outside network attacks and malware.
Access Management – Boostlingo’s requests to/from our servers are made over encrypted HTTPS (TLS 1.2/1.1) using only the most secure cipher suites.
Encryption and Decryption – Boostlingo infrastructure is a multitenant public cloud solution with the ability to segregate data by tenant on their own dedicated instance. All User information is encrypted in the Boostlingo DB.
Key Management – The key management service we utilize takes advantage of Hardware Security Modules to protect the security of the keys.
Logging and Audit Controls – HTTPS is the only form of communication allowed to the Boostlingo API. The SSL certificate can (and should) be validated in the client’s web browser. All security incidents are escalated to senior technical staff and, when found to be true threats, are logged in the internal ticketing system for mitigation.
Monitoring – Boostlingo monitors all servers and network hardware the application is running on. Roles Based Management can be used to restrict access for those users who should not have access to PHI.
Additional Security Incidents – Security incidents are communicated to administrators through email, text or phone call and require acknowledgement to close the incident; otherwise the notification remains open and goes to additional administrators.
At Boostlingo, we are always staying up to date with privacy trends for our customers. Boostlingo’s security framework is based on the ISO 27001 Information Security Standard and includes security mechanisms that cover:
Boostlingo Personnel Security
Cloud and Network Infrastructure Security
Continuous Monitoring and Vulnerability Management
Business Continuity and Disaster Recovery
Third Party Security
Security is represented at the highest levels of the company, with our Chief Information Security Officer meeting with executive management regularly to discuss issues and coordinate company-wide security initiatives. These policies and standards are available to all of our employees.
Here at Boostlingo there has always been a culture of compliance. We place tremendous importance and value on privacy, especially your privacy. So, we’re letting you know about some of the recent changes that we’ve made regarding our Terms & Conditions and Privacy Policies. These policy updates are in full effect beginning May 25, 2018.
These changes are a result in part of the recent rules set by the European Union’s General Data Protection Regulation (GDPR). We figure that all of our users would benefit from and like to enjoy these rights, so we’re rolling them out globally to everyone.
Here’s an overview of some of these recent updates:
We have created a global “opt out page”. We don’t want to lose you and we would like to believe that you will really really miss us too. But if you really gotta go – we get it! We will still be here for you if you change your mind.
We’ve made it a lot easier for you to update your communication preferences.
We’ve reorganized all of our policies so that they’re easier to find and also easier to read and understand. There is also a lot of new info (some nice light bedside reading material) for you in our help section!
We’ve provided clearer detail on how we work with all of our partners and other third-party providers to Boostlingo. We also detail how we ensure our partners are compliant across all the regulatory issues you care about.
We’ve incorporated requisite privacy and security controls across the entire Boostlingo platform to ensure compliance and your peace of mind!
Boostlingo data centers are strategically located in the US, Canada, Germany, and Australia to ensure compliance with regional data sovereignty requirements.
If you are a Boostlingo Root Admin, please visit your Admin Dashboard to execute the new Data Processing and Protection Agreement as may be required.
If you have additional questions about HIPAA, Privacy or GDPR compliance at Boostlingo please contact us directly at [email protected]