Note: Available on Enterprise Only.
As a SaaS-based product and service provider, Rapidops offers several products. Customers may use some of our products, in this case Salesmate, to process electronic Personal Health Information (ePHI) in the normal course of their business operations. Where our customers are categorized as either a Covered Entity or a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Rapidops may support their HIPAA compliance by mutually executing a Business Associate Agreement (BAA).
The scope of the BAA is limited to Salesmate as offered by Rapidops. Processing ePHI in any of our other products is not recommended and will not be covered within the scope of our BAA.
This document sets forth the specifications that are categorized as Mandatory / Recommended for Customers (either Covered Entity or Business Associate) to adhere to while using Salesmate to process ePHI.
The validity of our BAA is subject to continued adherence by the Customers to mandatory specifications that are specified in this document. Further, Rapidops is not liable for Customers' use of their custom mailbox and/or any Apps (as defined in Customer's agreement with Rapidops). We encourage Customers to independently configure these for their continued compliance with HIPAA.
Mandatory Configuration Specifications
- IP Restriction: Whitelist specific IP addresses so that your Salesmate account can be accessed only from sources that you have authorized.
  - While creating a user or thereafter, you can specify in the "IP Restriction/ Access From" field the IP addresses from which users will be able to access Salesmate.
- Identification and Authentication:
  - Enable SAML SSO for users to access Salesmate with unified identification and authentication and also to validate users logging into Salesmate using a locally hosted script. Security Assertion Markup Language (SAML) is a mechanism used for communicating identities between two web applications. It enables web-based Single Sign-On, thereby eliminating the need to maintain separate credentials for each application and reducing identity theft. Learn more.
  - (or)
  - Follow the Password Policy and additionally, enable Two-factor authentication if required.
- Custom Mailbox: Configure your own custom mail server with Salesmate to get autonomous control over incoming and outgoing emails. This lets you make sure that all your email transactions are outside Salesmate and are completely managed at your end. You may choose to sync your emails under Full sync (or) connect them under SMTP & Bcc and additionally apply "Email Sharing Permissions" to restrict emails to specific users.
- Restricted access: Configure role-based access controls to ensure that your agents' access is limited based on their job responsibilities. Learn more.
  - Data Sanitization: In a multi-user setup, you can choose to set up field visibility rules, field-level permissions, profile-based access and pipeline-level access that restrict specific fields or sets of data to specific users / user profiles, and set permissions on how they can update the data.
  - Global search: While setting up your account, you can select the fields you want to appear in global search. Learn more.
- Call Recordings: Within Salesmate, it is important for HIPAA Compliant customers to configure call recordings according to their business needs. Call recordings are most likely to contain PHI. Salesmate offers multiple controls for this.
  - Configure recording settings: Disable call recordings for numbers where PHI will be discussed. Alternatively, you can choose to manually start recording in the middle of a specific call. Learn more.
  - Download & delete call recordings: You can download the call recordings from Salesmate one-by-one and delete them from Salesmate (or) we can use our APIs to fetch the recordings and store them at your end and thereafter delete them from Salesmate.
- End-Point Security: Ensure the end-point systems used by your agents are hardened and secured to protect the health care data that they process. The systems shall be assigned to specific agents, authenticated, configured to lock automatically when idle, and secured from malware.