HIPAA-compliant DAM FAQ

HIPAA-compliant DAM Whitepaper
What is Merlin Compliance?
Merlin Compliance is a Digital Asset Management (DAM) solution for companies with a regulatory requirement to keep their data in a HIPAA-compliant system, or for a company with a particular need for a high security, auditable system.

Do I need Merlin Compliance?
If you are in the healthcare industry and the assets you want to store in your DAM may contain incidental Protected Health Information (PHI), you should consider Merlin Compliance. For example, suppose you store a photo of a doctor and a patient in a hallway of your facility and an “Oncology” sign appears in the background: the image implies that the patient is being treated for cancer, which is PHI you must keep confidential. Even an innocuous example of “incidental” PHI can create HIPAA confidentiality exposure.

What are the basic goals of Merlin Compliance?
The HIPAA Security Rule requires protecting the Confidentiality, Integrity, and Availability of electronic PHI. Merlin Compliance systems are built to address all three. Every Merlin DAM system is kept Available with 99.99% uptime and 24/7 support. Beyond the baseline HIPAA requirements, our systems go further on Confidentiality and Integrity.

Confidentiality is enhanced by additional firewall protection and by contractual and workforce controls. Any outside party that accesses your data must first sign a Business Associate Agreement (BAA) committing it to protect confidentiality, as HIPAA requires of business associates. Our internal Merlin staff are trained in specific procedures for handling your data and understand the sanctions that apply to any violation.

Integrity is enhanced by detailed audit trails: if a record is changed, you can determine exactly who “touched” it and when, so unauthorized or accidental modifications can be detected and traced.

What kind of Security enhancements does Merlin Compliance provide?
In the HIPAA-compliant world, the Security Rule groups safeguards into three categories: Administrative, Physical, and Technical.

“Administrative” means tight control of users and accounts, so that only parties you have preapproved can access your data, or only specific portions of it.

“Physical” involves multiple levels of locks and biometric controls protecting the physical servers on which your data resides.

“Technical” means your data is ALWAYS encrypted: in transit, whether over a physical wire or a WiFi connection, and at rest on disk. The database holding your (encrypted) data can ONLY be reached by our applications. Queries must pass through a second firewall to a dedicated SQL server, so that only traffic originating from our application tier can ever reach the database.

Download the complete HIPAA-Compliant DAM FAQ whitepaper.
