Nynja is HIPAA and SOC 2 compliant. Nynja uses an assessor that is a Qualified Security Assessor Company (QSAC), an accredited ISO 27001, ISO 27701 and ISO 22301 certification body, a certified HITRUST Assessor firm, and an accredited FedRAMP 3PAO.
Currently, the agencies that certify health technology, the Office of the National Coordinator for Health Information Technology and the National Institute of Standards and Technology, do “not assume the task of certifying software and off-the-shelf products” (p. 8352 of the Security Rule), nor do they accredit independent agencies to do HIPAA certifications. Additionally, the HITECH Act only provides for testing and certification of Electronic Health Records (EHR) programs and modules. Thus, as Nynja is not EHR software or an EHR module, our type of technology is not certifiable by these unregulated agencies.
However, the following list demonstrates how Nynja supports HIPAA compliance based on the HIPAA Security Rule published in the Federal Register on February 20, 2003 (45 CFR Parts 160, 162, and 164 Health Insurance Reform: Security Standards; Final Rule).
SOC 2, more formally known as Service Organization Control 2, reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy. The standard for regulating these five issues was formed under the AICPA Trust Services Principles and Criteria.
The purpose of this document is to understand how Nynja supports the goals of HIPAA and SOC 2 compliance.