
CogniFit Gets Vital SOC 2 & HIPAA Certification
August 26, 2022: For anyone working in the upper echelons of health and information security (at least the business parts of it), SOC 2 and HIPAA are easily recognizable terms. But for the rest of us, they might sound like gaming consoles or dust filtration systems (that’s HEPA, by the way).
So, today we’re not only going to celebrate CogniFit’s certification of both SOC 2 and HIPAA, but we’re also going to explain the nitty-gritty (in simple terms) so everyone can understand how these two certifications affect them personally when they use the site and CogniFit’s products.
What is SOC 2 & Why Is It Important?
SOC 2 stands for “System and Organization Controls” and is also sometimes called “SSAE 18.”
It’s one of the most sought-after standards for company security compliance. A certified outside company (specifically the American Institute of Certified Public Accountants) comes in and audits whatever it needs to in order to make sure everything is safe enough and working in the right way.
This can include anything in the “5 Trust Principles” – Security, Availability, Processing Integrity, Confidentiality, and Privacy. Some examples include:
- How you run your engineering systems
- HR processes like updating job descriptions
- How private information is protected
- How you onboard new employees
- Can employees and users rely on systems to get the information they need?
- Is information protected from unauthorized access?
There are obviously more points, but covering them would involve putting an entire manual’s worth of material into the article. If we were to boil all of this down, getting a SOC 2 certification is having an enterprise-level gold standard in data privacy.
This means anyone (from those logging in to just play games to scientists using CogniFit’s research platform to perform tests and experiments) will know all their information is safe.

But What About HIPAA Certification?
It’s been an exciting double-feature week at CogniFit, with us also getting a glowing HIPAA certificate. However, this is another piece of paper that most people won’t know about. And the general definition is not easy to understand…
“HIPAA certification is an accreditation or documentation that demonstrates an organization has implemented an effective HIPAA compliance program and is fully compliant with all appropriate provisions of the HIPAA Rules.”
This doesn’t help much unless you’re someone in “the know.”
But if you’re not in the know, don’t worry. It’s quite easy to clear up and equally interesting.
First, it stands for Health Insurance Portability and Accountability Act. It’s a US privacy law to protect medical information like patients’ records and allow for confidential communication between patients and medical professionals.
In the USA, the health industry is a maze of papers, rules, laws, loopholes, forms, training, and who knows what else. The HIPAA training program is part of this confusing process. However, don’t confuse this training with becoming something like a doctor or a nurse. It’s not the same at all. You don’t become a healthcare professional with it.
HIPAA can take on many forms. It can be an inspection with a checklist from a third-party company. It can be a training or a boot camp. There is also an Army version of this training.
Here are some general HIPAA certification examples that will make things even clearer:
- Leaving a patient file open on your desk is a big no-no because it violates patient privacy.
- Never leave your computer unlocked while you’re away from it, so people’s data stays safe.
- Having an NDA and making sure not to discuss sensitive data where people could overhear.
- Making sure all patient information (from hard copies to cloud files) is safe and sound.
- Is there a customer service line anyone can reach at any time if there are problems?
- Do employees have regular, updated training?
- Has the company/entity been around long enough and formed a positive reputation with its customers or patients?
In CogniFit’s case, Prescient Assurance was the evaluator. They are a leader in security and compliance attestation for B2B, SaaS companies worldwide.
“Prescient Assurance is a registered public accounting in the US and Canada and provides risk management and assurance services which include but is not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR.”
SOC 2 & HIPAA Certification Last Thoughts
Boiling things down even further, having a SOC 2 and HIPAA certification for CogniFit is another major milestone for the company. It’s yet another demonstration of the promise of trust and security for our customers.
Brain gamers can play without worry. Researchers and educators can help their patients and students with confidence. And businesses can look at CogniFit as a sound partner if they have exciting ideas for collaboration.