Journey to HIPAA: Prioritizing Security, Privacy, and Compliance

From the desk of David Matusiak, GoFormz Director of Security

At the core of GoFormz is our commitment to provide a secure and dependable solution for our customers' business data.

As our customers' needs have evolved over time, we have made privacy and security capabilities a major priority for the entire company." In mid-2019 we released a HIPAA-secure edition of GoFormz, an important milestone in our efforts to go beyond “Checkbox Security” to build a long-term and comprehensive plan to protect our customers’ data. 

Pursuing compliance
Our journey to HIPAA compliance began with a core assessment of the GoFormz platform, to determine the facts regarding how our systems are managed and how data is stored and protected. As GoFormz’s Security Director, I performed this assessment during my first few months with the company, so we could prioritize certain technological changes and policy initiatives. This assessment was then shared with Avertium, a third-party Risk Assessment consultant, who would act as a second set of eyes, to verify our approach to compliance and review any plans for improvement. 

Over the next few months, we worked with Avertium to identify and initiate the necessary steps to HIPAA compliance. This process included upgrading and installing new security technologies (such as laptop encryption) and developing the policies and procedures that are necessary to seamlessly manage our infrastructure. After about ten months of hard work, GoFormz achieved HIPAA compliance. 

Ongoing security and training efforts
Today at GoFormz, HIPAA compliance and security is involved in everything we do. For example, we conduct regular employee awareness training, as well as quarterly training for our developers in writing and auditing secure code. It is extremely important for the whole GoFormz organization to be aware of the relevant laws and restrictions, and to have an understanding of how to perform regular business practices in a secure and confidential manner. We also work with Microsoft Azure and our other technology partners on a regular basis to find ways to improve data protection and system resilience. Another key security partner is Veracode, a world-class leader in code scanning, to ensure we are vigilant of any vulnerabilities, each step of the way. 

We have also implemented a robust system to backup and restore company laptops and cloud services, in the event of data loss or an emergency. Additionally, staff now have immediate access to clear security policies and procedures, allowing our team to easily reference the information they need. 

Why HIPAA compliance matters
HIPAA compliance makes GoFormz an even stronger and more competitive mobile forms solution. Overall, the in-depth exploration and documentation of how GoFormz operates is highly valuable for all team members and for the company as a whole. As a company, we strive to provide our customers with a product they can trust with their data: an effort that makes our HIPAA and GDPR compliance all the more critical. 

If you’d like to learn more about GoFormz security, reach out to us at support@goformz.com or explore our HIPAA overview page.