The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that establishes data privacy and security requirements for organizations that are charged with safeguarding individuals’ protected health information (PHI). The Sisense platform is a HIPAA-ready solution that provides the high level of data security needed to maintain HIPAA compliance. In provisioning and operating the Sisense platform and services, Sisense complies with the provisions of the HIPAA Security Rule, Breach Notification Rule, and Privacy Rule that are required of and applicable to it in its capacity as a business associate. As such, Sisense has experience partnering with its healthcare customers to ensure that each party is meeting its respective HIPAA obligations.
We understand the importance of data security to our healthcare customers, and Sisense continuously implements security protocols and industry-leading practices to achieve top-level certifications such as ISO and SOC 2.
Sisense provides several key security features to its customers that enable HIPAA compliance.
Protection of Data in Transit. Sisense leverages Transport Layer Security (TLS) 1.2+ to secure data in transit.
Protection of Data at Rest. Sisense helps customers implement the proper encryption methods for any data stored on the Sisense platform.
Data Access Controls. Sisense account administrators have secured access to manage permissions at the individual, group, or organization level. You can find out more on our Security and Trust page. Additionally, Sisense can configure customer-specific data access controls to help secure your data. You can learn more here:
You, as the customer, are responsible for ensuring that the environment and applications that you rely on when using Sisense services are properly configured and secured according to HIPAA requirements. Since Sisense itself is not a database, but a reporting and query tool, Sisense’s HIPAA compliance is contingent on your compliance with HIPAA requirements. This is often referred to as the shared security model.
Sisense offers a number of ways to help you manage your data security and governance and to maintain your HIPAA compliance. However, you are ultimately responsible for securing the following areas and Sisense takes no responsibility for any breach or violations that result from:
Sisense recommends the following technical best practices when configuring the Sisense platform to maintain HIPAA compliance:
Auditing Access to PHI. Depending on the level of access that your users will have to PHI, Sisense can help you implement row-level monitoring of access to sensitive data. You can learn more here:
Secure Configuration. Implement industry-standard methods of authenticating users, such as two-factor authentication or a SAML-based SSO identity provider (IdP), and, to the extent users rely on SSO, restrict the “login_special_email” permission to a maximum of 2 users.
Database Security. Configure the database access to ensure Sisense does not have any write or administrative access to your databases.
Encryption. Ensure that all connections to the database are encrypted in transit, and if using an SSH tunnel connection, that a tunnel server is employed.
Implementation. When implementing Sisense in a complex data environment involving PHI, we recommend you get help from partners and service providers with HIPAA expertise to determine your compliance needs and requirements. Sisense Sales Engineers and Support staff will provide support along the way to assist in meeting your goals or guiding you to an appropriate deployment model.
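To make the Database Security and Encryption recommendations above concrete, here is an added example of a least-privilege, read-only database role for a reporting tool, together with queries that verify it holds no write or administrative rights. This SQL was written for this page; it is not Sisense's own configuration or documentation. It assumes PostgreSQL and uses the database name `ehr`, the schema `reporting`, and the role name `sisense_ro` purely as illustrative placeholders.

```sql
-- Added example (not Sisense documentation): a read-only PostgreSQL role for a
-- reporting/query tool. PostgreSQL, the database "ehr", the schema "reporting"
-- and the role "sisense_ro" are assumptions for illustration only.

-- 1. A login role with no administrative capabilities of any kind.
CREATE ROLE sisense_ro LOGIN
  NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION
  PASSWORD 'replace-with-a-strong-secret';

-- 2. Belt and braces: every session this role opens is read-only, so even a
--    privilege granted by mistake later cannot be used to modify data.
ALTER ROLE sisense_ro SET default_transaction_read_only = on;

-- 3. Grant only what reporting needs: connect, see the schema, read relations.
GRANT CONNECT ON DATABASE ehr TO sisense_ro;
GRANT USAGE ON SCHEMA reporting TO sisense_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA reporting TO sisense_ro;

-- 4. Tables and views created in the schema later are also read-only for it.
ALTER DEFAULT PRIVILEGES IN SCHEMA reporting
  GRANT SELECT ON TABLES TO sisense_ro;

-- 5. Remove the public schema's default CREATE right (still granted to PUBLIC
--    on PostgreSQL releases before 15) so the role cannot create objects there.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 6. Verification. Expected results: true, then false, then false
--    (the second query returns NULL if the schema holds no relations yet).
SELECT has_database_privilege('sisense_ro', 'ehr', 'CONNECT');

SELECT bool_or(has_table_privilege('sisense_ro', c.oid,
                                   'INSERT, UPDATE, DELETE, TRUNCATE'))
  FROM pg_class c
  JOIN pg_namespace n ON n.oid = c.relnamespace
 WHERE n.nspname = 'reporting'
   AND c.relkind IN ('r', 'v', 'm', 'p');

SELECT rolsuper OR rolcreatedb OR rolcreaterole
  FROM pg_roles
 WHERE rolname = 'sisense_ro';
```

Run the verification block after any schema or privilege change as a standing check; a `true` from the second or third query means the reporting role has drifted away from read-only. Encryption in transit is enforced outside SQL: in PostgreSQL a `hostssl` entry for this role in `pg_hba.conf` rejects unencrypted connections, and the client side should set `sslmode=verify-full` so the server certificate is actually validated rather than merely present.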