The OnceHub security and privacy program is a multi-layered system of controls designed to comply with multiple regulatory frameworks and industry standards. We understand the importance of supporting the regulatory needs of our Customers, and ensuring that you're able to satisfy your compliance obligations.
HIPAA and HITECH
OnceHub is fully compliant with the strict security and privacy policies required in the US healthcare sector. We work with expert consultants to implement the policies and processes required to protect your data and satisfy HIPAA (Health Insurance Portability and Accountability Act) and the HITECH (Health Information Technology for Economic and Clinical Health) Act. All electronic protected health information (ePHI) that is collected, stored, and distributed by OnceHub is encrypted both at rest and in transit, ensuring the highest level of security. Learn more about HIPAA compliance
We sign standard OnceHub Business Associate Agreements (BAAs) at no extra charge with accounts that have at least four Users. If you would like to sign a Business Associate Agreement (BAA) with us, please contact us.
OnceHub treats payment data security with the utmost importance. The internal payment systems implemented by OnceHub have been designed from the ground up to ensure maximum security and comprehensive compliance with the PCI DSS (Payment Card Industry Data Security Standard) framework.
We work with expert consultants to implement the policies and processes required to protect your data, undergo regular audits, and work to stay up to date with the latest requirements and best practices. All electronic payment card information collected, stored, and distributed by OnceHub is encrypted both at rest and in transit, ensuring the highest level of security.
OnceHub provides educators and other members of the education community with all the tools necessary to maintain compliance with FERPA (Family Educational Rights and Privacy Act). All OnceHub data is encrypted at rest and in transit, and protected by the highest level of industry standard and security controls.
We securely back up data in near real time using industry standard tools. Backups are stored in a geographically separate region with multiple levels of redundancy. This means that FERPA-regulated data will always be stored properly and will be accessible when needed.
Commitment to the GDPR
OnceHub is committed to complying with the Global Data Protection Regulation (GDPR). Taking effect in May 2018, the regulation creates a unified privacy framework enforceable by all EU member states. The GDPR applies to organizations that process data associated with identifiable EU individuals, whether or not the business is based in the EU.
We welcome the progress brought forth by this landmark regulation. At OnceHub, we stand by the GDPR’s key principles, including breach notification, privacy by design, privacy by default, fairness and transparency. Learn more about the GDPR and the steps we take to stay compliant
Privacy shield compliant
Privacy is at the top of our priority list. Many companies choose to self-certify their compliance without truly understanding the demanding requirements of modern privacy frameworks. At OnceHub, we work with an experienced privacy consultancy firm to ensure we meet the highest privacy standards. Our Privacy Notice meets the VeraSafe certification criteria, and is compliant with the EU Privacy Shield.