In this article, we’ll talk about DHTMLX security concerns, namely GDPR and HIPAA compliance.
Personal data privacy has always been important. Especially now, when more and more information becomes digitized. Our company takes all necessary measures to ensure the personal data of our trial users and customers stay safe, accurate, and confidential.
In our work, we at DHTMLX comply with the General Data Protection Regulation (GDPR) that enables us to protect the personal data and privacy of EU residents and citizens. Besides, regarding healthcare-related software, we respect the Health Insurance Portability and Accountability Act (HIPAA) and don’t prevent our users from building a HIPAA-compliant project with the help of our UI libraries and components.
Let’s have a closer look at the basic principles we follow when collecting and processing user data.
Maintaining GDPR Compliance
EU GDPR came into effect in May 2018 and gives netizens more control over their personal data. Today, user consent is principally required when collecting personal information. This concerns any information relating to personally identifiable information, including name, location, IP addresses, and much more.
The Regulation has an extraterritorial effect and applies to all organizations processing personal data of EU residents and citizens. Thereby, we at DHTMLX conscientiously fulfill GDPR requirements and always make sure we have the users’ permission to handle their personal data.
When working with users’ personal data, we maintain the following basiс principles.
- Purpose limitation
All personal data gathered through our website is used for the purposes of client reporting and statistical analysis. Thus, for instance, we can use your email address to inform you about new releases and updates, provide you with official technical and non-technical support, and to get your feedback on the products you use.
- Data minimization
Our policy is to only collect personal information that is required for data processing purposes unless you share it voluntarily. When you interact with our website, you may provide us with your name, email address, and company name. Moreover, we may compile other information when you take part in our survey and contests.
- Storage limitation
Your personal data is maintained only for a time period required to send you the relevant updates and provide you with official paid technical support. Thus, we request your permission on collecting your personal data and will keep it until you withdraw your consent.
We store personal information of our evaluation users and clients and can edit or delete data on request. All the data collected will be deleted within 30 days.
- Integrity and confidentiality
When processing personal data of our users, we ensure protection against unauthorized processing, data corruption, and deletion. We use third-party software for monitoring website activity and processing orders and payments. However, any personally identifiable information is not transferred or disclosed to outside software providers.
For example, you can enter the card credentials when paying by a credit or debit card for your order. All the payment documents, including receipts, invoices, and confirmations, you get from the e-commerce provider.
We, in turn, do not receive your payment data. The provider sends us your name, email address, phone number, company name, and Order ID assigned to your purchase. This part of your personal data is used to provide you with the relevant license information, the download link to software products, as well as your login credentials to the Clients Area and Support Center.
- Legitimacy and transparency
Any website visitor can find information about the purposes, methods, and amount of personal data processed. This information is clearly and consistently explained.
Respecting HIPAA Regulations
Many businesses are loosely acquainted with HIPAA and HITECH Act Rules so they usually associate them with hospitals, medical practices, and health insurance companies. However, HIPAA compliance rules apply to countless software vendors that handle protected health information (PHI) or work with healthcare-related organizations.
For instance, HIPAA sets U.S. national standards to protect individuals’ medical records and other personal health information. Regulations apply to those who conduct certain healthcare transactions electronically.
HIPAA requires appropriate safeguards to handle PHI to make sure it’s accessed, stored, and transmitted securely. This includes any demographic information that can be used to identify a patient, such as his/her name, date of birth, Social Security and phone numbers to name a few. Patients also have rights over their health information, including rights to review a copy of their health records and obtain corrections.
The HIPAA Breach Notification Rule regulates the provisions for appropriate notifications in case of a data breach and unauthorized distribution.
Summing up, the mandatory features for HIPAA compliant software include:
- User authorization
- Access control
- Unique user identification
- Role-based authorization
- Emergency access
- Automatic logoff
- Data encryption and decryption
- SSL/TLS certificates usage
- Data backup
As for DHTMLX, we provide effective and professionally designed web-based tools that enable developers to build complex applications for various areas. Among our clients are many companies and IT specialists who can use (or already use) DHTMLX libraries for healthcare software development. However, we do not have access to any data our users store in their systems. You can be sure of data privacy and security while observing HIPAA requirements and independently implement compliant software features.
Summing up, our company takes all adequate measures to provide HIPAA and GDPR-compliant software solutions. If you still have any questions or concerns, feel free to contact us by using the form and we’ll get back to you as soon as we can.