Jiff Earns HITRUST Certification for Top-Quality Data Security

By Zlatko (“Z”) Unger, Jiff Director of Security and Compliance

Jiff keeps data privacy and security concerns at the top of our priority list, and now we have the credentials to prove it.

We’re proud to announce that Jiff has earned Certified status for information security by the Health Information Trust (HITRUST) Alliance.

This is an achievement that is only granted to those with the highest-quality data privacy and security controls. Our HITRUST Common Security Framework (CSF) Certification has been validated by a trusted third party HITRUST CSF Assessor.

We are in the midst of the digital health revolution with new healthcare apps, devices, and technology-enabled services emerging every day. While these digital health tools hold great promise in changing the healthcare value equation, their rise comes with real concerns about employee data privacy and security. Jiff’s enterprise health benefits platform addresses these concerns by putting a trusted, secure, and independent layer between employers and the personally identifiable health data of their employees.

We pride ourselves on putting in place technological and physical safeguards to ensure the maximum security possible – appropriate for HIPAA-protected information – and to prevent a data breach. Data entrusted to Jiff is encrypted through every stage of the platform – in transit and at rest – and stored in a private cloud network on dedicated hardware. Jiff’s team continuously works to fine tune and update these safeguards.

Achieving HITRUST CSF Certification is a great validation of our commitment to the security of employers’, employees’, and our platform partners’ data. HITRUST’s CSF is a comprehensive security framework developed to address the multitude of security, privacy, and regulatory challenges faced by healthcare organizations. HITRUST CSF is the most widely-adopted security framework in the U.S., incorporating all major nationally and internationally accepted standards and kept up-to-date on the latest security regulations and security risks.

Implementing HITRUST CSF at Jiff also allowed us to meet Service Organization Controls (SOC) 2 reporting standards relevant to security, availability, and confidentiality. SOC reports are a type of accounting standards that help businesses that collect financial information build trust in their services through a report by an independent Certified Public Accountant. This gives Jiff a valuable additional report of compliance, and we are working towards another, SOC 2 Type II report, in 2017.

Another step we have taken to ensure the highest level of data security is obtaining EU-U.S. Privacy Shield certification by the U.S. Department of Commerce.

The Privacy Shield certification was agreed to by the Department of Commerce and the European Commission as a method of ensuring U.S companies take proper measures to protect the personally identifiable information of EU citizens.

Employers have more options than ever before to offer employee health and benefits programs designed to cut healthcare costs and cultivate a happier, healthier workforce. But, employers must ensure their employees’ personal data and health information remains safe throughout these programs. Jiff’s platform makes it easy for employers to offer personalized benefits and track their effectiveness in a way that protects employee privacy and security.

The Jiff platform provides anonymous, secure, and aggregated data in an easy-to-use interface. Jiff analyzes this data so that employers can manage and get the most out of their benefits, and it does so in a way that meets the highest of security standards.

If you are interested in reading Jiff’s HITRUST CSF validated assessment report, or SOC 2 Type I report, please contact us. For our EU-U.S. Privacy Shield certification, you can find Jiff’s listing on U.S. Department of Commerce’s site.