Merlin Compliance HIPAA DAM: FAQ


What is Merlin Compliance?

Merlin Compliance is a security-focused Digital Asset Management (DAM) solution for companies with a regulatory requirement or a particular need for high security. Merlin Compliance boasts world-class security and fully commits to taking on the risk of its clients in the case of a HIPAA or GDPR violation. With high configurability, profound scalability, and hands-on support, Merlin Compliance is the obvious DAM choice for companies in highly regulated industries such as healthcare, pharmaceuticals, biotechnology, medical devices, higher education, and government. Merlin Compliance fully commits to taking on the risk of our clients because we are that confident in the security of both our systems and our single-tenant servers housed in our state-of-the-art data center. Through ongoing vulnerability and penetration testing by each client's designated security officer, you can be sure your system is constantly monitored and remains impenetrable.

What are the basic goals of Merlin Compliance?

The three tenets of HIPAA compliance are Confidentiality, Integrity, and Availability; all Merlin Compliance systems are certified under each one. Every Merlin DAM system boasts 99.99% uptime and 24/7 support. In addition to the basic HIPAA requirements, our systems go the extra mile and surpass expectations of Confidentiality and Integrity.

Confidentiality is enhanced by our additional firewall protection. The protections include the security requirement that any outside party accessing your data has signed a Business Associate Agreement (called a BAA), ensuring that they will protect confidentiality. Our internal Merlin team staff has undergone training on specific procedures for handling your data, including a clear understanding of the specific sanctions for any transgressions. These heightened security measures are beneficial for any company that requires higher security for the protection of its digital assets.

Integrity is enhanced by deep auditing capabilities: if a record is changed, you can determine exactly who has "touched" it and when. This feature adds another layer of protection for industries where assets stored in the DAM are highly confidential. Integrity is further enriched through the agreement by Merlin Compliance to take on the risk of all of its clients. By taking on the risk of our clients, we provide peace of mind that their digital assets and associated data are protected to the highest level.

What kind of Security enhancements does Merlin Compliance provide?

In the HIPAA-compliant world, security mechanisms are broken down into three categories: Administrative, Physical, and Technical. Merlin Compliance has procedures in place in all three of these areas in order to provide a full-fledged approach.

"Administrative" safeguards include tight control of users and accounts, and the assurance that only pre-approved parties are able to access your data, or even specific portions of your data. These user permissions can be altered at the request of our client at any time, as we understand access needs are subject to change as companies grow and develop. Such actions, policies, and procedures are in place to be sure that only authorized users have access to your protected assets, because confidentiality and compliance go hand in hand. These administrative measures also work to manage the conduct of the Covered Entity's workforce in relation to the protection of that information.

“Physical” precautions are the controls put in place to protect the physical servers that your data resides on. Merlin Compliance customers can feel confident knowing that all assets are kept in a world-class data center which employs biometric sensors and multiple levels of locks to obtain access. All Merlin Compliance customers can be assured that their data is stored individually, with our segregated hardware environments which support a single-tenant architecture.

"Technical" safety measures involve the mechanisms put in place to secure your network end-to-end. With Merlin Compliance, your data is ALWAYS encrypted: whether moving over a physical wire or a WiFi connection, or when stored on a hard drive. The encrypted database in which your data is stored can ONLY be accessed by our applications and pre-approved users. This includes the requirement for confirming valid data inquiries: a second pass through a firewall to a dedicated SQL server is mandated to ensure that only valid inquiries can reach the database.

How does Merlin Compliance Guarantee Asset Protection?

Merlin Compliance takes the protection of your digital assets and data extremely seriously. We know just how detrimental a HIPAA violation or security breach can be, and we pride ourselves on partnering with our clients to ensure compliance. In addition to assuming the risk of our clients, Merlin Compliance staff receive ongoing internal security and regulatory training. Furthermore, our staff performs ongoing vulnerability scanning and penetration testing on all of our clients' systems.

How does Merlin Compliance work for Healthcare?

If you are in the Healthcare industry and the data you want to store in your DAM contains incidental Protected Health Information (PHI), you should consider Merlin Compliance. For example, suppose you store a photo of a doctor and a patient in the hallway of your facility and an “Oncology” sign appears in the background: the implication could be that the patient is being treated for cancer, which would be PHI that must be kept confidential. Even the most innocent example of “incidental” PHI could lead to HIPAA confidentiality repercussions.

How does Merlin Compliance handle violations or breaches?

Each Merlin Compliance client is assigned a designated security official to monitor their system environment. This security official is tasked with the ongoing vulnerability scanning and penetration testing of your system, in addition to being your main point of contact at MerlinOne. In the event of a violation or security breach, Merlin Compliance takes pride in its transparent approach to incident management and communication.

Why Merlin Compliance?

Merlin Compliance understands the complexity of having to evaluate tools that guard highly private data while also meeting other extensive internal or industry-wide security standards. Our HIPAA- and GDPR-compliant DAM system provides more peace of mind that your digital assets and the data associated with them are protected to the highest level. Your assets are stored in a world-class data center which employs biometric sensors to grant entry and segregated hardware environments that support a single-tenant architecture. Your designated security official will monitor your environment and conduct ongoing vulnerability scanning and penetration testing.

Whether you're in healthcare, non-profit, education, or finance, or work for an organization deeply concerned with system and data protection, Merlin Compliance is the obvious DAM choice.