Bamboo Health takes the security of patient data very seriously and takes the following steps to ensure the privacy of such information, both generally and in providing the Bamboo Health Services:
(1) Bamboo Health has a robust internal HIPAA compliance program.
(2) Bamboo Health has successfully completed numerous security reviews and undergoes annual third-party security assessments and penetration tests. In addition, we are happy to provide copies of SOC-2 reports for our hosted environment provider (Amazon Web Services), as well as any reports generated from relevant security reviews or assessments. Our team is always willing to answer additional security questions that you may have. SOC-2 reports may be obtained from Bamboo Health or directly from AWS upon signing a non-disclosure agreement.
(3) Bamboo Health uses a rigorous, multi-factor patient matching algorithm to ensure accurate encounter notifications. This algorithm ensures that we only share encounter information between Bamboo Health customers when the receiving customer has a relationship with the patient that satisfies the requirements of HIPAA’s TPO Exception.
(4) Bamboo Health enters into Business Associate Agreements with all of its customers who have access to PHI via the Bamboo Health Services, as well as with all of its subcontractors who need access to PHI in furtherance of its obligations to Bamboo Health.