HIPAA Compliance

Data Security

Keeping information safe and secure is our top priority. We never store data in our system in plain text (not encrypted) and we only save the encrypted data with the permission of the individual customer. Should data be saved (for additional merges/downloads), it will be immediately deleted upon expiration (a setting that is set by the customer).

All data is transferred via secure connections using SSL and is protected from unauthorized access behind a firewall. Once a merge is complete and the data is not needed, any trace of that information is deleted from WebMerge systems.

Access Control

Access to WebMerge systems and servers is monitored 24/7 and protected behind a firewall. All employee logins and customer logins are tracked and saved for historical purposes. If unauthorized access is gained, we are immediately notified and can circumvent/destroy the authenticated session – preventing access to the system.

Data Privacy

Alongside our Data Security policies, we never share any information that is sent to WebMerge. Any information that is stored for later merges is encrypted and unreadable. We will never use this information in any way other than using it to create your merged documents.

Assumptions and Limitations

Due to the nature of anonymity and non-standardized data that we receive, we do not have a way to detect sensitive information that should be protected by HIPAA rules. We take every step we can to make sure that customer data is secure, but we must lean on you as the customer to keep your information safe as well. If your documents do not require certain sensitive information, please make sure to only send the information that is necessary for your documents. This will ensure that your data remains secure.