
We use the following technology partners to keep IIF, PHI and PII data safe as part of HIPAA and HITECH

 

SubroShare's network and operations are HIPAA compliant and proactive with the upcoming HITECH amendments. To that end, we have HIPAA Business Associate Agreements with all of our Subscriber Entity (SE) members and their in-network health providers.

Although not yet formally promulgated by Congress, SubroShare has taken a conservative and proactive approach to the new Health Information Technology for Economic and Clinical Health Act (HITECH) provisions in Title XIII of the American Reinvestment and Recovery Act of 2009.

Under 45-164.501 of the Health Insurance Portability and Accountability Act (HIPAA), the ROI data that is collected and shared between HPEs and SEs, through the SubroShare network, is specific to insurance subrogation operations and falls under the HIPAA provision of "Payment", in the automatic exclusion of "Treatment", "Payment" and "Operations". This means that patient authorization is not necessary, nor can the patient request to withhold the limited disclosure of their PHI to SubroShare and, eventually, to their health insurance company.

Our operations, software and user procedures limit Information in Identifiable Form (IIF), Personally Identifiable Information (PII) and Protected Health Information (PHI) relating to patients to the minimum necessary requirements to accomplish our vendor task.

 
The SubroShare network is operational 24/7/365 and managed through a type II SAS 70* certified data center, having:

  • Redundant Power Feeds From Separate Power Grids

  • Redundant Power Distribution Units

  • Redundant UPS Battery-Backup Systems

  • 1500 Kilowatt Generator Backup With Automatic Transfer Switch

  • Redundant Liebert Temperature/Humidity Control Units

  • State-Of-The-Art Fire Suppression Systems

  • A redundant gigabit (1,000 Mbps) Switched Ethernet Backbone Network with a separate gigabit backup network.

  • A secure 128-bit firewall, having Distributed Denial Of Service (DDoS) Protection.

  • A Digicert SSL certificate, supporting 128 and 256-bit encryption, compatible with most platforms, browsers, mail clients and mobile devices.

* A copy of the official Type II SAS 70 audit is available upon signature of an NDA.