Our commitment to protecting electronic protected health information (ePHI) and maintaining HIPAA compliance.
Diridium Technologies Inc. is committed to ensuring the confidentiality, privacy, integrity, and availability of all electronic protected health information (ePHI) it receives, maintains, processes, or transmits. As a HIPAA Business Associate providing healthcare integration consulting services, Diridium strives to maintain the highest standards of compliance and proactively address information security.
Diridium provides healthcare integration consulting, architecture, and ongoing technical advisory services. Engagements typically involve handling ePHI on the customer's infrastructure (cloud or on-premises). Diridium does not host customer applications, customer ePHI, or other customer infrastructure. Diridium assumes any data it touches in the course of an engagement may contain ePHI and implements protections accordingly.
Our policies align with HIPAA Security Rule requirements (45 CFR 164.308-316), HITRUST Common Security Framework controls, and NIST guidelines. Diridium tracks compliance via HITRUST MyCSF assessments and annual audits.
All policies are maintained under version control, reviewed annually, and retained for six years. Changes are communicated to employees through automated notifications and email summaries. Policy updates follow a formal review and approval process.
Diridium conducts formal risk assessments following NIST SP 800-30 methodology, with annual reviews and ongoing evaluation throughout system lifecycles. Our risk management process includes:
Diridium does not host customer applications or ePHI. Backup, retention, and recovery for customer-side systems are governed by the customer's own program. Internal Diridium systems handling client artifacts follow encrypted backup and verified-recovery procedures, documented with system names, timestamps, and storage locations.
Access to systems containing ePHI requires formal authorization and is subject to strict controls:
Systems are monitored continuously for malicious software and unauthorized changes. Network traffic logging captures successful and failed access attempts with origin, destination, and timing details. Security logs are reviewed weekly to identify events requiring investigation.
Diridium's internal infrastructure (workstations, internal systems, VPN endpoints) implements the following measures:
Customer-side infrastructure (AWS, Azure, on-premises) remains under the customer's own security program. Where Diridium designs or operates components on customer infrastructure, configurations follow CIS-aligned hardening practices.
Diridium implements procedures for timely breach detection, investigation, and notification in accordance with HIPAA Breach Notification Rule requirements. Our incident response process ensures affected parties are notified within required timeframes.
For questions about our privacy and HIPAA policies, please contact us or call +1.719.602.6037.