August 26, 2022: For anyone working in the upper echelons of health and information security (at least the business parts of it), the terms SOC 2 and HIPAA are easily recognizable. But for the rest of us, they might sound like gaming consoles or dust filtration systems (that’s HEPA, by the way).
So, today we’re not only going to celebrate CogniFit’s certification in both SOC 2 and HIPAA, but we’re also going to explain the nitty-gritty (in simple terms) so everyone can understand how these two certifications affect them personally when they use the site and CogniFit’s products.
What is SOC 2 & Why Is It Important?
SOC 2 stands for “System and Organization Controls” and is also sometimes called “SSAE 18.”
It’s one of the most sought-after standards for company security compliance. A certified outside company (specifically the American Institute of Certified Public Accountants) comes in and audits what it needs to in order to make sure everything is safe enough and working in the right way.
This can include anything in the “5 Trust Principles” – Security, Availability, Processing Integrity, Confidentiality, and Privacy. Some examples include:
- How you run your engineering systems
- HR processes like updating job descriptions
- Whether private information is protected
- How you onboard new employees
- Whether employees and users can rely on systems to get the information they need
- Whether information is protected from unauthorized access
There are obviously more points, but covering them would mean putting an entire manual’s worth into this article. But, if we were to boil all of this down, getting a SOC 2 certification means having an enterprise-level gold standard in data privacy.
This means anyone (from those logging in to just play games or scientists using CogniFit’s research platform to perform tests and experiments) will know all their information is safe.
But What About HIPAA Certification?
It’s been an exciting double-feature week at CogniFit, with us also getting a glowing HIPAA certificate. However, this is another piece of paper that most people won’t know about. And the general definition is not easy to understand…
“HIPAA certification is an accreditation or documentation that demonstrates an organization has implemented an effective HIPAA compliance program and is fully compliant with all appropriate provisions of the HIPAA Rules.”
This doesn’t help much unless you’re someone in “the know.”
But if you’re not in the know, don’t worry. It’s quite easy to clear up and equally interesting.
First, it stands for Health Insurance Portability and Accountability Act. It’s a US privacy law to protect medical information like patients’ records and allow for confidential communication between patients and medical professionals.
In the USA, the health industry is a maze of papers, rules, laws, loopholes, forms, training, and who knows what else. The HIPAA training program is part of this confusing process. However, don’t confuse this training with becoming something like a doctor or a nurse. It’s not the same at all. You don’t become a healthcare professional with it.
HIPAA certification can take on many forms. It can be an inspection with a checklist from a third-party company. It can be a training or a boot camp. There is also an Army version of this training.
Here are some general HIPAA certification examples that will make things even clearer:
- Leaving a patient file open on your desk is a big no-no because it violates patient privacy.
- Never leave your computer unlocked while you’re away from it, so people’s data stays safe.
- Having NDAs in place and making sure not to discuss sensitive data where people could overhear.
- Making sure all patient information (from hard copies to cloud files) is safe and sound.
- Is there a customer service line anyone can reach at any time if there are problems?
- Do employees have regular, updated training?
- Has the company/entity been around long enough and formed a positive reputation with its customers or patients?
In CogniFit’s case, Prescient Assurance was the evaluator. They are a leader in security and compliance attestation for B2B SaaS companies worldwide.
“Prescient Assurance is a registered public accounting firm in the US and Canada and provides risk management and assurance services which include but are not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR.”
SOC 2 & HIPAA Certification Last Thoughts
Boiling things down even further, having a SOC 2 and HIPAA certification for CogniFit is another major milestone for the company. It’s yet another demonstration of the promise of trust and security for our customers.
Brain gamers can play without worry. Researchers and educators can help their patients and students with confidence. And businesses can look at CogniFit as a sound partner if they have exciting ideas for collaboration.