On the FusiformCAST/FactoryFour platform, HIPAA compliance is primarily achieved through the following sub-processors of FactoryFour (services we use to power our applications):
AWS
MongoDB
PeriscopeData
We have signed HIPAA BAAs with these sub-processors of your data to ensure that they remain compliant with our obligations under HIPAA's HITECH guidance. We perform extensive validation of our infrastructure and network setups to ensure we are using them in a compliant manner.
Encryption is the next primary tenet of HIPAA. We use encryption in transit and at rest for all data storage, including raw data and media files, such as scans. Our applications are served via SSL, which means that communications to our servers and API are all encrypted (in transit). Data stored by our servers is encrypted with 256-bit encryption keys (at rest).
Finally, access controls are employed throughout FactoryFour. FactoryFour engineering staff maintain control over the core encryption keys for data disaster recovery and backup. We internally audit these logs to ensure no misuse.
For more detailed information, please review:
Infrastructure and Disaster Recovery documentation.
For any further questions, reach out to the Fusiform Customer Service Team at [email protected] by email or using the Customer Service Contact Panel found in Fusiform.