HIPAA Compliance

Ripple Security & HIPAA Compliance Overview

Ripple’s security features are designed to meet or exceed HIPAA guidelines, ensuring the protection of sensitive research and participant data. For customers subject to HIPAA regulations, Ripple signs Business Associate Agreements (BAAs) to formalize compliance commitments.

1. Infrastructure & Data Protection

🔹 Secure Data Centers – Ripple operates in HITECH-certified data centers.
🔹 Isolated Server Architecture – Separate database and application servers prevent unauthorized cross-access.
🔹 Redundancy & Data Protection – Uses a double-server redundancy system with 3-replica sets for high availability.
🔹 Dedicated Resources – Non-shared, customer-specific servers with logical data segmentation.
🔹 Firewall & Intrusion Detection – A dedicated firewall and intrusion scanning monitor for threats in real time.

2. Data Encryption & Secure Transmission

🔹 SSL 2048-bit encryption – Ensures all data is encrypted during transit.
🔹 Encryption at Rest – Disk-level encryption safeguards stored data from unauthorized access.

3. Audit Controls & Activity Logging

🔹 Comprehensive Audit Logs – Fully readable logs are available for account administrators.
🔹 Detailed Event Tracking – Logs all view, edit, delete, and modify actions for transparency.
🔹 Custom Auditable Events – Allows customers to define which system events should be tracked.
🔹 Failed Login Attempt Logging – Records all unsuccessful login attempts for security monitoring.

4. Access & Authentication Controls

🔹 Username & Password Protection – Enforces strong password requirements (SC 03.02).
🔹 Automatic Logoff – Session timeout is customizable to prevent unauthorized access.
🔹 Password Security Features:
  • Password expiration (customizable).
  • No password reuse for 12 months.
  • Case-sensitive usernames (ISO-646/ECMA-6).
  • Limited feedback after failed login attempts to prevent brute-force attacks.
🔹 Account Lockouts – Automatically locks user accounts after a customizable number of failed login attempts.
🔹 Access Groups & Roles – Customizable access groups with role-based permissions.
🔹 Single Sign-On (SSO) Option – Available for enhanced authentication.
🔹 Restricted Data Access – Ripple’s staff cannot access customer data except when legally required or when explicitly authorized by the customer for technical support or data recovery.

Best Practices for Secure Usage

Regularly review user access permissions and remove inactive accounts.
Enable strong password policies and require regular password updates.
Monitor audit logs for unusual activity and investigate unauthorized access attempts.
Implement SSO authentication if additional security is needed.

Ripple's enterprise-grade security ensures confidentiality, integrity, and availability of research data, aligning with HIPAA and HITECH security standards. 🚀