15 JULY 2021 | Accounting | Security

How Encyro Helps You Comply with HIPAA, GDPR, GLBA, IRS Pub. 4557, PCI-DSS ...

Encyro helps you safeguard customer data to help you meet many privacy and security regulations and guidelines.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the Omnibus Rule of 2013 call for privacy and security standards that protect the confidentiality and integrity of patients’ protected health information (PHI). Electronic PHI (ePHI) includes patient names, social security numbers, email addresses, photographic diagnostic data and other patient data.

Sending and receiving PHI electronically can save you time and money when communicating with patients, other providers, insurance plans, labs, or other service providers. Faxing, printing, mailing, and burning X-ray or other images to CDs, not to mention shredding, all consume a significant amount of time. The money spent on printer ink or toner, mailing fees and stationery supplies reduces your earnings.

With Encyro, you can send and receive PHI securely and with ease. Specifically, to help you meet HIPAA requirements, Encyro provides the technical safeguards that HIPAA regulations require for protecting ePHI, including access control, encryption (both during transmission and when stored), audit controls, and integrity protection. More details on our security safeguards as well as multi-location data backups are available here.

Please keep in mind that HIPAA regulations apply to all aspects of your clinic or facility. Using Encyro helps you meet HIPAA requirements when communicating PHI through our system, but you may need additional mechanisms to protect PHI outside of your Encyro account, including on paper documents and local storage.

Need to sign a BAA?

HIPAA regulations require a covered entity to sign a written contract, often called a Business Associate Agreement (BAA), with any person or entity, other than its own employees, with whom it shares protected health information (PHI). More details are available at the U.S. Department of Health and Human Services (HHS) website.

We are happy to sign a BAA with Encyro Pro members. We use electronic signatures to make it quick and easy. Simply contact us to get started.

GDPR

The General Data Protection Regulation (GDPR) of 2018 is designed to give individuals better control of their personal data, and it affects all businesses that collect any data from customers or clients in the European Economic Area (EEA). GDPR Article 32 specifically requires implementing technical measures to ensure data security, and calls for encryption of personal data as well as mechanisms to restore data availability in the event of a technical or physical incident.

To help you comply with GDPR requirements, Encyro protects your customer data shared using our systems through encryption, access control, and multi-location backups. We have technical and organizational controls in place to ensure that data is protected. More details are available here.

With Encyro, you can securely communicate with an unlimited number of clients, vendors, suppliers, business partners, other service providers, or family members.

Remember that the GDPR also applies to data you manage outside of Encyro. You may find additional cyber security guidance on our security blog, such as how to enforce automatic log-off on your computers. The NCSC website provides additional resources.

Need to sign a DPA?

If you collect or receive data from any customer or client in the EU, you may be treated as a controller in GDPR terminology. When you use Encyro services for communicating and storing your customer, employee, or other individuals’ data, Encyro becomes a processor for you. According to GDPR Article 28 (3), a controller may be required to enter into a written contract, also known as a Data Processing Agreement (DPA), with every processor that they engage.

Encyro is happy to sign a DPA to help you comply with GDPR requirements. Please sign up for a Pro membership and contact us for the DPA.

Gramm Leach Bliley (GLB) Act

The GLB Act of 1999 and the Safeguards Rule of 2002 require all financial service providers to protect their customers’ financial privacy; the rule is enforced by the US Federal Trade Commission (FTC).

The rule applies to any business entity significantly engaged in financial activities. The FTC provides examples of included financial activities, though other financial activities may also be covered:

  • lending, exchanging, transferring, investing for others, or safeguarding money or securities. These activities cover services offered by
    • lenders (including non-bank lenders),
    • check cashers,
    • wire transfer services, and
    • sellers of money orders.
  • providing financial, investment or economic advisory services. These activities cover services offered by
    • credit counselors,
    • financial planners,
    • tax preparers,
    • accountants, and
    • investment advisors.
  • brokering loans
  • servicing loans
  • debt collecting
  • providing real estate settlement services
  • career counseling (of individuals seeking employment in the financial services industry)

The GLBA and the Safeguards Rule (16 C.F.R. Part 314, 67 Fed. Reg. 36484, 2002) require you to protect nonpublic personal information (NPI). NPI is any personally identifiable financial information that you collect or receive and is not otherwise public.

Encyro helps you comply with Safeguards Rule requirements to

  • encrypt data when sent over the network,
  • use encrypted files to store customer data,
  • make it automatic for customers to send encrypted files (through the use of your Encyro upload page),
  • enforce strong passwords,
  • automatically log you out after a period of inactivity, and
  • maintain logs of activity (through the Audit Trails feature).

Start taking advantage of all the above safeguards today: sign up for a free Pro membership trial (no credit card necessary).

IRS Pub 4557

IRS Publication 4557 provides seven checklists for tax preparers to help protect your clients’ tax data and also protect your business from a data breach and the resulting loss of revenue and reputation.

Encyro provides sophisticated security and privacy safeguards to help you securely send and receive clients’ tax data, including W-2s, pay stubs, tax returns, signature pages, business accounting records, voided check photos, and other financial information.

Check out the IRS specific safeguards in Encyro.

You can start saving on printing, mailing and faxing costs right away.

Encyro is mobile friendly and lets your clients take a photo (to scan a donation receipt, voided check or other document) directly with their phone and upload to you without creating an account or jumping through other hoops.

PCI-DSS

PCI-DSS requires safeguarding credit card data that you receive.

Email is not a secure way to ask a customer to provide their credit card information to set up an automatic payment, say for an insurance policy or other service you are obtaining for them. Email is also not a secure way to share your business’s card data with your employees or vendors.

Encyro helps you securely communicate credit card data, protected using encryption and multiple security safeguards.

Additional Standards

When you send and receive data with Encyro:

  • You benefit from a long list of privacy and security safeguards that we have in place.
  • You get multiple backups of your data within each data center and remote backups at a data center hundreds of miles away. This protects your data against not only local equipment failures but also many of the major events such as hurricanes, floods, fires, earthquakes and others that affect an entire region.
  • You get detailed audit trails of your account activity, both for your own review and to help comply with regulations.

All these features help you satisfy the requirements of many regulatory compliance standards.

Get started with a free Pro membership trial (no credit card necessary).