Policy on User Licenses

As part of our commitment to providing a secure and compliant platform, it is our policy to use named user licenses rather than shared seats. This approach is critical for several reasons, particularly in alignment with regulatory requirements.

1. Enhanced Data Security

   • Named user licenses restrict access to individual users, ensuring that sensitive information remains confidential and is compliant with HIPAA regulations. HIPAA requires entities to implement security measures to protect electronic protected health information (ePHI) and limit access to only authorized individuals.

2. Clear Accountability

   • Assigning licenses to specific users fosters accountability for actions taken within the platform. This is vital under HIPAA, which mandates accountability through safeguards and training for workforce members. Named licenses help document who accessed sensitive information, thereby enhancing compliance efforts.

3. Compliance Assurance

   • Named user licenses support our commitment to SOC-2 standards, which evaluate the effectiveness of security controls related to customer data. SOC-2 emphasizes the need for access controls and regular monitoring of user activity. Named user licenses facilitate better tracking and auditing of user interactions, aligning with the principles of SOC-2.

4. Operational Efficiency

   • With individual licenses, complications related to access and functionality are minimized, leading to smoother operations and uninterrupted workflows. This is especially important in a healthcare environment where efficient data handling impacts patient care.

Adhering to the policy of using named user licenses is a best practice that enhances your organization’s security posture while ensuring compliance with critical regulations like HIPAA and SOC-2. We encourage all teams to embrace this policy to significantly improve data protection and operational effectiveness.