Careswitch is committed to ensuring the confidentiality, privacy, integrity, and availability of all electronic Protected Health Information (PHI) it receives, maintains, processes and/or transmits on behalf of its customers. As a provider of applications used by covered entities, Careswitch strives to maintain compliance, proactively address information security, mitigate risk for its customers, and ensure that known breaches are completely and effectively communicated in a timely manner.

Web Application Technical Safeguards

The Careswitch web application is built using industry-standard best practices with technical safeguards to properly handle PHI. These safeguards include, but are not limited to, authorization and access control, encryption over the wire via HTTPS, no PHI in email, SMS and web notifications, and no PHI stored in browser session storage, browser local storage, cookies, etc.

Mobile Application Technical Safeguards

The Careswitch mobile applications share the same technical safeguards as the web application, along with additional safeguards including but not limited to the following:

  • PHI is not exposed in any of our notification delivery mediums such as push notifications; you can only view the full notification messages inside of the apps

  • Documents containing PHI can only be viewed within each app’s sandbox

Business Associate Agreement

Careswitch has signed Business Associate Agreements (BAAs) with all software vendors that handle PHI on Careswitch’s behalf. Careswitch signs BAAs with all customers.
