HIPAA overview
MASLOW operates as a business associate under HIPAA. We execute Business Associate Agreements (BAAs) with all covered entity clients and maintain safeguards required under the HIPAA Security Rule.
Technical safeguards
| Safeguard | Implementation |
|---|---|
| Access control | Role-based access, unique user IDs, automatic session timeout |
| Audit controls | All access to PHI is logged with timestamps and user identity |
| Integrity controls | Data validation, checksums, and version tracking |
| Transmission security | TLS 1.2+ for all data in transit |
Administrative safeguards
- Workforce training — all MASLOW team members receive HIPAA training
- Access management — access to production systems restricted to authorized personnel
- Incident response — documented procedures for identifying and responding to security incidents
- Risk assessments — regular security risk assessments conducted
Physical safeguards
MASLOW infrastructure runs on AWS, which maintains physical security controls including:
- Data center access controls
- Environmental protections
- Equipment disposal procedures