HIPAA Security and Privacy

hipaa

Preamble
MotaWord is a cloud-based, artificial intelligence supported, multi-sided translation platform. Our translators are vetted and receive security training before being able to access translation jobs on the platform. They sign Non-Disclosure Agreements (NDA) and their actions are monitored real-time while they use the platform.

MotaWord’s translation process is as follows: Through secure and encrypted connections, clients upload their documents to the platform, and translators connect to MotaWord’s servers and translate the uploaded content. At no point in MotaWord’s translation process, a translator is able to download or receive a document by email.

MotaWord uses AWS (Amazon Web Services) cloud servers to operate and store ePHI data. AWS’s HIPAA compliance documentation is provided under the related documentation section of this Policy.

I. POLICY STATEMENT
MotaWord has already taken and will continuously take reasonable and appropriate precautions to prevent, detect, contain, and correct security violations.

MotaWord will implement reasonable and appropriate measures to limit access to ePHI only to those persons or automated processes that have been granted access rights based on their required functions and prevent those who have not been granted those rights from obtaining access to ePHI. MotaWord assigns translators with HIPAA awareness training certificates to specific projects involving ePHI data. All of MotaWord’s in-house personnel have received HIPAA training.

II. PRINCIPLES
The person responsible for HIPAA compliance at MotaWord identifies and maintains an inventory of the translation projects and establishes a program to identify and mitigate risks to ePHI.

MotaWord’s Security Officer will conduct assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI.

Risk analyses will be conducted or updated:

  • When a new information system is implemented;
  • Periodically as part of an ongoing risk management program; and
  • In response to a significant newly-recognized risk identified as a result of activity reviews, security incidents, or environmental or operational changes.

MotaWord’s Security Officer will recommend and monitor the effectiveness of security measures designed to reduce risks and vulnerabilities to a reasonable and appropriate level. More specifically, these measures are designed to reasonably and appropriately:

  • Protect the confidentiality, integrity, and availability of all ePHI that MotaWord receives, maintains or transmits.
  • Protect against any reasonably anticipated threats or hazards to the confidentiality, integrity, and availability of such information.
  • Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required by the Privacy Rule.
  • Facilitate workforce compliance.

MotaWord’s Security Officer will:

  • Regularly perform reviews of information system activity (e.g., audit logs and trails, information system activity records, facility access records) for the purpose of detecting:
  • Unauthorized access to ePHI;
  • Unusual patterns of use or activity; and
  • Other potential security violations.

MotaWord’s Security Officer will develop, document, and implement procedures to:

  • Identify possible security incidents;
  • Respond to suspected or known security incidents;
  • Mitigate, to the extent practical, harmful effects of known security incidents; and
  • Document and report security incidents and their outcomes. All documentation relating to potential and verified security incidents will be retained for at least six years from the date of documentation.

III. PROCEDURES
MotaWord’s Security Officer will make sure to develop, document, implement, and train its workforce on the procedures necessary to comply with this policy. Procedures will include identification by title of the person(s) responsible for complying with the required activities and provisions.

IV. KEY CONTACTS
Security Officer: Oytun Tez - oytun@motaword.com

Privacy Officer: Evren Ay - evren@motaword.com

V. EXCEPTIONS
Any exceptions to this policy must be approved by MotaWord’s Security Officer.

VI. DOCUMENTATION

For AWS and HIPAA compliance, please click here.

For detailed and updated official information on HIPAA, please click here.

 
`