HIPAA - How to Avoid Exposing PHI

Learn how to avoid exposing PHI data when using Localize.

The Localize TMS is HIPAA compliant. This means that you can rest assured that Localize will adhere to the administrative, technical and physical safeguards of the HIPAA Security Rule.

However, your team will be responsible for ensuring that PHI isn't mistakenly exposed to your end users when using Localize to translate your websites or mobile apps. Below are best practices that should be followed to keep your data safe and private.

Do:

  • The safest thing to do is to keep PHI from ever getting into your Localize dashboard in the first place!
  • If you see PHI in your Localize dashboard, move it to the Blocked bin.
    • Or move it to the Trash bin and Empty the trash.
    • Then use the guidelines in the document mentioned above to stop the PHI from coming into your Localize dashboard.

Don't:

  • Don't publish/approve phrases that contain PHI using any of the following methods:
    • ...using the dashboard.
    • ...using the autoApprove option in your Localize.initialize() call
      • Auto-approving phrases in a Web Project will put any new phrases directly into your Published bin.
      • A machine translation will then be generated for the phrase which will be immediately available to your end users.
    • ...adding a data-localize=”autoApprove” attribute to a phrase containing PHI in your website code.
      • Adding this attribute will add the autoApprove label to the phrase and the phrase will be moved to the Published bin.
    • ...using the Localize REST API or the Localize CLI:
      • Don't add an auto-approve label to any content that contains PHI
  • Don't order human translations through your Localize dashboard for phrases that contain PHI.
    • This will expose the PHI to our Language Service Providers, and we can't guarantee that they are HIPAA compliant.
  • Don't export phrases from the Pending bin that contain PHI.

📘

Request a BAA

Need a Business Associate Agreement for your organization? Schedule a call with one of our Account Executives to learn more.


Did this page help you?