HIPAA Compliance and Security Measures For Webcam, Phone & In-Person Sessions

Google Meet HIPAA Compliance and Security Measures

Impact Family Inc. utilizes Google Meet for webcam sessions. Google ensures that the data of health-related organizations' customers is safe, secure, and HIPAA compliant. To demonstrate its compliance with industry security standards, Google has sought and received security certifications such as ISO 27001 certification and SOC 2 and SOC 3 Type II audits.

G Suite and Cloud Identity can also support HIPAA compliance for customers subject to the Health Insurance Portability and Accountability Act (HIPAA) requirements. Under HIPAA, certain information about a person’s health or healthcare services is classified as Protected Health Information (PHI). G Suite and Cloud Identity customers subject to HIPAA and wishing to use G Suite or Cloud Identity with PHI must sign a Business Associate Agreement (BAA) with Google.

Please download the Impact Family Inc. Business Associate Addendum with Google/Alphabet.


Fireflies.ai HIPAA Compliance and Security Measures

Impact Family Inc. may sometimes use third-party applications such as Fireflies.ai only to record audio and transcribe meeting notes. These notes are shared with the client as part of our commitment to transparent and accessible communication. We ensure all third-party applications are HIPAA compliant and adhere to strict industry standards to protect your PHI. By engaging in services with Impact Family Inc., you acknowledge and consent to using such third-party applications for note-taking and record-sharing purposes.

Fireflies.ai is HIPAA-compliant and adheres to strict measures to protect patient health information in the United States. To safeguard your health data, Fireflies implements the following security protocols:

  • Private storage to ensure HIPAA compliance.
  • Business Associate Agreements (BAAs) with vendors such as OpenAI and ASR ensure they do not trade, train on, or store your data.
  • Zero-day retention policy: No data is stored on vendor systems, such as OpenAI, for any duration.

How Does Fireflies Manage Security Vulnerabilities?

Fireflies.ai is regularly scanned using industry-standard tools to monitor and detect vulnerabilities. To further enhance security, Fireflies runs a continuous bug bounty program with HackerOne to identify and address potential vulnerabilities. However, no security system is entirely impenetrable. In the event of a security breach, Fireflies will take reasonable steps to investigate, notify affected individuals, and comply with all relevant laws and regulations.

Data Encryption and Security

Fireflies.ai ensures that all user data, including meeting transcripts, audio recordings, calendar events, emails, and user settings, is encrypted end-to-end, both at rest and in transit, using industry-standard encryption protocols. Specifically:

  • Data encryption: 256-bit AES encryption for data at rest and TLS 1.2 encryption for data in transit.
  • Backup snapshots: Metadata (calendar events, emails, user settings) is backed up every 4 hours and retained for a maximum of 1 year. No transcripts or audio recordings are stored in these snapshots.

Fireflies implements robust security practices to maintain the confidentiality and integrity of all data collected and shared with its service providers.
