HIPAA - How to Avoid Exposing PHI
Learn how to avoid exposing PHI data when using Localize.
The Localize TMS is HIPAA compliant. This means that you can rest assured that Localize will adhere to the administrative, technical and physical safeguards of the HIPAA Security Rule.
However, your team will be responsible for ensuring that PHI isn't mistakenly exposed to your end users when using Localize to translate your websites or mobile apps. Below are best practices that should be followed to keep your data safe and private.
Do:
- The safest thing to do is to keep PHI from ever getting into your Localize dashboard in the first place!
- See our help doc: How to Prevent PII/PHI Exposure for details.
- If you see PHI in your Localize dashboard, move it to the Blocked bin.
- Or move it to the Trash bin and Empty the trash.
- Then use the guidelines in the document mentioned above to stop the PHI from coming into your Localize dashboard.
Don't:
- Don't publish/approve phrases that contain PHI using any of the following methods:
- ...using the dashboard.
- ...using the
autoApprove
option in your Localize.initialize() call- Auto-approving phrases in a Web Project will put any new phrases directly into your Published bin.
- A machine translation will then be generated for the phrase which will be immediately available to your end users.
- ...adding a
data-localize=”autoApprove”
attribute to a phrase containing PHI in your website code.- Adding this attribute will add the
autoApprove
label to the phrase and the phrase will be moved to the Published bin.
- Adding this attribute will add the
- ...using the Localize REST API or the Localize CLI:
- Don't add an
auto-approve
label to any content that contains PHI
- Don't add an
- Don't order human translations through your Localize dashboard for phrases that contain PHI.
- This will expose the PHI to our Language Service Providers, and we can't guarantee that they are HIPAA compliant.
- Don't export phrases from the Pending bin that contain PHI.
Request a BAA
Need a Business Associate Agreement for your organization? Schedule a call with one of our Account Executives to learn more.
Updated over 2 years ago