How to stay HIPAA compliant on Makerble

Makerble HIPAA Compliance

Makerble is committed to safeguarding the privacy and security of healthcare information in accordance with the Health Insurance Portability and Accountability Act (HIPAA). Our platform is designed to meet the stringent requirements of HIPAA, ensuring that Protected Health Information (PHI) is handled with the utmost care.

1. Data Encryption

  • At Rest: All data stored within the Makerble platform is encrypted using the industry-standard AES block cipher, so that data remains protected while it is stored on our servers. 

  • In Transit: Data is encrypted during transmission using Transport Layer Security (TLS, the successor to SSL), protecting it from interception or tampering while it travels between users and our platform. 

For more detailed information, you can read our full privacy policy here.

2. Access Controls

  • User Authentication: Access to data on the Makerble platform is restricted through robust user authentication mechanisms, including two-factor authentication (2FA). This ensures that only authorized individuals can access sensitive data, adding an extra layer of security by requiring a second form of verification in addition to the user's password.

  • Single Sign-On (SSO) using Authentik: Makerble uses Authentik, a flexible Single Sign-On (SSO) solution, to centralize user authentication. SSO allows users to authenticate once and gain access to multiple systems, streamlining the login process while maintaining high levels of security.

3. Auditing and Monitoring

  1. Activity Logs: Makerble maintains detailed audit logs of all activities, ensuring that any access or modifications to sensitive data are tracked and monitored. However, these logs are retained for a limited period of 2 days, after which the log data is automatically deleted. 

  2. Regular Audits: Routine security audits are conducted every six months to assess compliance with HIPAA standards and identify potential vulnerabilities within our systems. These audits are comprehensive, covering a wide range of security aspects such as:

  • Access Controls: Evaluating the effectiveness of current access management protocols and ensuring only authorized personnel can access sensitive data.

  • Data Encryption Practices: Verifying that encryption standards meet industry benchmarks for both data at rest and data in transit.

  • Incident Response Readiness: Reviewing the incident response plan to ensure it remains effective and current, including mock drills that test response times and actions.

  • Physical Security Measures: Assessing physical security controls at data centers and office locations to ensure they are aligned with compliance requirements.

4. Incident Response Plan

At Makerble, we prioritize the swift and effective handling of any potential issues that may arise. Our incident response approach ensures that we can quickly address and resolve any unexpected situations, minimizing disruptions and maintaining the trust of our users.

  1. Monitoring and Early Detection:

    • We have automated systems in place that allow us to quickly identify and respond to unusual activity. This proactive approach helps us catch potential issues early.

  2. Swift Action:

    • In the event of a suspected issue, our dedicated team, led by a Cyber Security Engineer, is ready to take immediate steps to address the situation. This includes isolating any affected areas and ensuring that everything is back to normal as quickly as possible.

  3. Clear Communication:

    • We believe in transparency and will keep all relevant parties informed throughout the process. If necessary, we will promptly notify those affected and provide clear guidance on any steps they need to take. 

  4. Recovery and Restoration:

    • After resolving the issue, we focus on restoring everything to its full functionality. This includes ensuring that all data and services are fully operational and secure.


For more detailed information, please click here.


5. Compliance and Governance

  1. Privacy Officer: Our dedicated Privacy Officer, a cybersecurity engineer, oversees Makerble's HIPAA compliance efforts. Their responsibilities include:

  • Ensuring that all policies and procedures related to the handling of Protected Health Information (PHI) are up to date and compliant with HIPAA regulations.

  • Conducting regular risk assessments to identify potential vulnerabilities and implementing corrective measures.

  • Leading incident response efforts in the event of a data breach, including coordinating with relevant authorities and ensuring proper notification procedures are followed.

  • Overseeing the training and education of employees regarding HIPAA compliance and data security.

  • Serving as the primary point of contact for any HIPAA-related inquiries or concerns.

  2. Employee Training: We prioritize ongoing security awareness for all employees to ensure they are well-equipped to protect sensitive data. Employees undergo comprehensive security awareness training that covers topics such as data protection, phishing awareness, password management, and HIPAA compliance.

  • Frequency: Training sessions are conducted every 3 months.


6. Data Availability

  • Infrastructure Uptime: Our infrastructure providers guarantee a minimum of 99% uptime and maintain N+1 redundancy for power and network services.

  • Fault Tolerance: We have implemented backup and replication strategies to ensure data availability and resilience in the event of disruptions. Customer data is regularly backed up to protect against data loss. 

7. Physical Security

At Makerble, we leverage Azure's physical security protocols to protect our infrastructure and your data. Azure data centers are designed with state-of-the-art security measures, including strict access controls, continuous surveillance, and robust environmental safeguards.

For more detailed information about Azure's physical security, you can read about it here.

Additional Security Measures

To further enhance our security posture, Makerble implements:

  • Firewall Protection: Utilizing Cloudflare at the network edge and Wazuh (host-based intrusion detection with active response) on our servers to monitor for and block potential threats.

  • Monitoring and Logging: Employing Grafana and Loki for real-time monitoring and logging of system activities.

  • Secured Access: Using internal VPNs to ensure secure access to our systems.

This comprehensive approach ensures that we are well-positioned to protect sensitive data and maintain the highest standards of security and compliance.

If you have any questions about any of these points, please contact [email protected]