
Rocketlane is now HIPAA compliant to ensure the highest standards in security and privacy

Rocketlane is now HIPAA compliant! Learn how we safeguard your PHI with advanced security controls and data integrity.
August 29, 2024
Illustrator: Ajay Kumar

At Rocketlane, we're committed to delivering exceptional project management solutions while prioritizing the security and privacy of our customers' data. Today, we're excited to announce that Rocketlane is officially HIPAA compliant, reinforcing our dedication to protecting the confidentiality, integrity, and availability of protected health information (PHI) for healthcare organizations and their partners.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a United States federal law designed to safeguard patient health information. HIPAA sets strict standards for protecting electronic protected health information (ePHI), ensuring that organizations handling such data adhere to rigorous security and privacy requirements.

How Rocketlane supports HIPAA compliance

Security and compliance under HIPAA are a shared responsibility between Rocketlane and our customers. While Rocketlane provides the necessary security controls and configurations to meet HIPAA standards, our customers are responsible for appropriately using these tools to ensure compliance with the law.

If you're a healthcare provider or partner subject to HIPAA, and plan to store PHI in Rocketlane, you must sign a Business Associate Agreement (BAA) with us. This agreement outlines our responsibilities and helps ensure that your use of Rocketlane aligns with HIPAA requirements.

Key features that ensure HIPAA compliance

We've implemented a series of safeguards and enhancements to help our customers maintain HIPAA compliance:

  • Access control: Our system lets you define who can access specific projects and data, ensuring that only authorized individuals can view or modify sensitive information.

  • User identification: Every user in Rocketlane has a unique identifier, and all system requests are tracked for anomalies to ensure the security of your data.

  • Emergency procedures: Rocketlane's architecture is designed for high availability and fault tolerance, with encrypted backups and regular disaster recovery drills to ensure data is secure even in emergencies.

  • Automatic logoff: Sessions can be configured to terminate after a period of inactivity, reducing the risk of unauthorized access.

  • Encryption: All data within Rocketlane is encrypted at rest (using AES-256) and in transit (using TLS 1.2 or higher), ensuring your ePHI remains protected.

  • Audit controls: Our system records and monitors audit logs, allowing you to track activities and identify policy violations.

  • Data integrity: Projects can be created in "Invite only" mode, and all transactions are tracked to protect against unauthorized data alterations.

  • Person or entity authentication: To verify user identities securely, we recommend using Single Sign-On (SSO) or SAML with two-factor authentication.

  • Transmission security: Rocketlane enforces encryption and integrity controls to prevent unauthorized access or modification of ePHI during transmission.

Moving forward

At Rocketlane, we're not just meeting compliance standards—we're committed to continuously enhancing our security practices to keep your data safe. Our HIPAA compliance is a significant milestone, and we're proud to support healthcare organizations in managing their projects securely and efficiently.

Thank you for trusting Rocketlane with your sensitive data. If you have any questions or need further information about our HIPAA compliance, please contact us at care@rocketlane.com. We're here to help you every step of the way.

Rahul Sridhar
Content Marketer @ Rocketlane

Content Marketer at Rocketlane. Former teacher turned tech writer. Occasionally dabbles in comedy and rap music.

