RumbleTalk HIPAA Overview

LAST UPDATED: Mar 8th, 2021

HIPAA info

HIPAA stands for the Health Insurance Portability and Accountability Act. It is a U.S. federal law that requires privacy and security protections for protected health information (PHI). If you’re a covered entity or business associate subject to HIPAA, RumbleTalk can be configured to support PHI within uploaded files and message content.

RumbleTalk is committed to ensuring, and has implemented many safeguards to ensure, that its devices, services, websites and data systems (collectively “Products”) are compliant with the regulations and conditions set forth in the Health Insurance Portability and Accountability Act and in GDPR regulations. To establish and ensure ongoing compliance, RumbleTalk is subject to third-party independent audits, an onboarding training process, an annual review of Security Policies, and ongoing maintenance of regulations. With transparency as our corporate value, you may contact us for more information.

Please review and agree to implement the guidelines in our Requirements for HIPAA Entities. This is an essential step before RumbleTalk can support your HIPAA compliance. Please see below:

  • RumbleTalk does not maintain the designated record set and should not be the system of record for your health information.
  • RumbleTalk does not have a business associate agreement with any third-party application providers, so you are responsible for determining whether an agreement is necessary with an application provider before enabling.
  • You must be using the RumbleTalk Enterprise plan.
  • You may not use RumbleTalk to communicate with patients, plan members, or their families or employers.
  • You must execute a Business Associate Agreement.
  • Excluding messages and files, members of your organization may not include PHI when using other RumbleTalk features.
  • You are responsible for using RumbleTalk APIs to implement tools and processes for monitoring your members’ use of RumbleTalk. We recommend setting up an external Data Loss Prevention (DLP) provider to enforce message and file restrictions and exports.