
Security and HIPAA compliance

How BloomText secures data in transit and at rest, who can access PHI, where we host, and how device-side PHI is handled.

Overview

Information security is BloomText's highest priority. Products are designed and engineered with strong data safeguards first — both in compliance with HIPAA and as an engineering default.

This article summarizes how data is secured, who can access it, where it is hosted, and how BloomText clients handle protected health information (PHI).

The short answer

  • All data BloomText stores, receives, and transmits is encrypted with industry-standard encryption.
  • PHI is only accessible to a small team of HIPAA-trained employees. All PHI access is logged and audited by BloomText's HIPAA Security Officer.
  • Non-PHI data (usernames, organization details) is protected by strict need-to-know access controls. All access is logged.
  • PHI is never persisted on devices that access BloomText. The moment you close the app or leave the site, any temporary PHI is purged.
  • Admins control their organization's member list. Removing a member immediately revokes their access to all organization data.

Hosting

BloomText runs on Google Cloud. A signed Business Associate Agreement (BAA) is in place with Google, and the services used are on Google Cloud's HIPAA-compliant list.

Data access policy

Access to BloomText services — and to the data stored by those services — is strictly limited to essential employees. Every service configuration change and every data access is logged and reviewed promptly.

Employee access to PHI is restricted to a small team of HIPAA-trained engineers. PHI access is additionally audited by BloomText's HIPAA Security Officer.

In the unlikely event of unauthorized data access, BloomText security personnel will promptly inform all relevant parties in compliance with HIPAA disclosure regulations.

Client-server communications

All BloomText clients — web, mobile, and desktop — communicate with BloomText servers over SSL/TLS. TLS is terminated at a Google Cloud load balancer, and requests are forwarded to internal BloomText hosts. BloomText hosts communicate with each other over an isolated, secure IPsec network.

PHI on clients

BloomText clients do not store PHI in long-term storage on user devices. Every login re-syncs from the server, and cached data is purged from memory on logout or when the application is terminated.

The only information stored long-term on a BloomText client is:

  1. A unique device identifier.
  2. The identity of the last user to log in to BloomText on the device.
  3. A unique session key identifying the current BloomText session.
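The client-side storage policy described above, as an added example that is not BloomText's own code: PHI is held in memory only, persistent storage accepts just the three listed keys, and logout purges the in-memory cache. The `memoryStorage` stand-in for `localStorage`, the key names and the sample record are constructed for the example.

```javascript
// Added example (not BloomText's code). Only these three keys may ever be persisted.
const PERSISTENT_ALLOWLIST = new Set(["deviceId", "lastUserId", "sessionKey"]);

// Constructed localStorage stand-in so the example runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
    keys: () => [...m.keys()],
  };
}

function createClientStore(persistent) {
  const phi = new Map(); // session-only cache; never written to `persistent`
  return {
    // Long-term state: refuse anything outside the allowlist.
    persist(key, value) {
      if (!PERSISTENT_ALLOWLIST.has(key)) {
        throw new Error(`refusing to persist non-allowlisted key: ${key}`);
      }
      persistent.setItem(key, value);
    },
    cachePhi(id, record) { phi.set(id, record); }, // re-synced from server on login
    getPhi(id) { return phi.get(id); },
    phiCount() { return phi.size; },
    purge() { phi.clear(); }, // call on logout and on app termination / page unload
  };
}

// Audit check: persisted keys that violate the allowlist (empty array = clean).
function findLeakedKeys(persistent) {
  return persistent.keys().filter((k) => !PERSISTENT_ALLOWLIST.has(k));
}

// Walks one session end to end and reports what each storage tier holds.
function simulateSession() {
  const storage = memoryStorage();
  const store = createClientStore(storage);
  store.persist("deviceId", "dev-constructed-001");
  store.persist("lastUserId", "user-constructed-42");
  store.persist("sessionKey", "sess-constructed-abc");
  store.cachePhi("msg-1", { patient: "constructed sample", note: "not real PHI" });
  let rejected = false;
  try { store.persist("msg-1", "must never reach disk"); } catch (e) { rejected = true; }
  const phiBeforeLogout = store.phiCount();
  store.purge(); // logout
  return { rejected, phiBeforeLogout, phiAfterLogout: store.phiCount(),
           leaked: findLeakedKeys(storage), persisted: storage.keys() };
}
```

In a real browser client, `findLeakedKeys` can be run against `localStorage` and IndexedDB key lists to confirm that nothing beyond the three identifiers survives a logout.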

Business Associate Agreement

BloomText offers a free signed BAA to all customers. See the BAA summary for an overview and a link to the full legal text.

Privacy policy

The privacy policy lives on the marketing site at bloomtext.com/support/privacy-policy.

Edge cases / gotchas

  • Removed members lose data access instantly. Removal is immediate and global across all of that member's devices.
  • PHI is purged on close, not on navigation. Refreshing the web app re-syncs from the server; stale PHI is not kept in memory across a logout.
  • BAAs are per-organization, not per-user. The signed BAA covers your whole organization; individual users don't sign a separate BAA.
  • Security questions are always welcome. If your compliance team needs specifics that aren't covered here, email support@bloomtext.com.

Common questions

Is BloomText HIPAA compliant?

BloomText is designed for HIPAA-compliant communication and offers a signed Business Associate Agreement for covered entities.

Where is BloomText data hosted?

BloomText runs on Google Cloud services covered by a signed Business Associate Agreement with Google.

Is BloomText traffic encrypted?

Yes. BloomText clients communicate with BloomText servers over SSL/TLS, and internal hosts communicate over an isolated, secure IPsec network.

Can BloomText employees access PHI?

Employee access to PHI is restricted to a small HIPAA-trained team and is audited by BloomText security personnel.

Does BloomText store PHI on user devices?

BloomText clients do not store PHI in long-term storage. Data syncs from the server and cached data is purged on logout or application termination.
