Exym Customers Require Secure, HIPAA Compliant EHR Software

HIPAA compliance is something that’s always top of mind for mental health agencies, therapists, and mental health providers. Therapists understand that for clients to feel comfortable talking about private information, they need to feel safe talking without fear of that information leaving the room. Both HIPAA requirements and a psychologist’s code of ethics protect the client in this situation.

HIPAA compliance not only safeguards the privacy and confidentiality of clients in therapy, it also ensures the security of therapists providing treatment. By adhering to the guidelines set forth by HIPAA, therapists are equipped with a framework that promotes effective collaboration and communication. These protections offered by HIPAA not only enhance quality of treatment, but also facilitate secure collaboration between care professionals and family members.

At Exym, we take pride in our HIPAA compliant EHR software and data security measures. Not only do we help keep agencies' records and data secure, we also follow strict regulations to maintain HIPAA compliant communications through Zendesk chat and Zoom telehealth software.


Is Zoom HIPAA Compliant?

Exym's mental health EHR software has become an essential tool for agencies and therapists, providing crucial services in today's healthcare landscape. With the rise in demand for telehealth services, Exym recognized the need to integrate a HIPAA compliant telehealth platform into their software and created the Exym Engage module.

Exym partnered with Zoom, a trusted name in the industry, to ensure HIPAA compliance. As a committed business associate, Zoom adheres to the necessary provisions outlined in the HIPAA Security Rule, guaranteeing the privacy and security of patient information.

Zoom takes responsibility for maintaining the highest level of security in the telehealth environment and takes measures to prevent any unauthorized access or disclosure of protected health information (PHI). They enforce a range of administrative, technical, and physical safeguards to ensure the privacy and confidentiality of patient data at all times.

Read more about Zoom’s HIPAA compliant telehealth platform here.


Exym's Superior Security Measures and HIPAA Compliant Cloud Storage Protects Customers

Ensuring HIPAA compliance is a top priority at Exym. Our mental health EHR software goes above and beyond by implementing a comprehensive risk-based Information Security Program. This proactive approach allows us to continuously maintain and enhance compliance with all 18 control groups outlined by the National Institute of Standards and Technology (NIST). These controls align with the requirements of both HIPAA cloud storage and the HITECH Act, providing our customers with peace of mind regarding the security and privacy of their sensitive information.

Controls Include:

Electronic and Physical Security

  • BAAs in place with all vendors

  • SOC2 compliant secure data centers

  • Data at rest encryption

  • Data transmission encryption

  • Monitoring of all critical systems

  • User endpoint

Data Backup and Recovery

  • Documented DR plan

  • System criticality and data classification completed

  • Recovery priority defined

  • Offsite backup storage

  • Virtualized environments

  • Regular, automated backups of critical systems and data

  • Encryption of backup data sets

  • Regular testing of backup components

Access Control Policy and Procedure

  • Least Privilege

  • Separation of duties

  • Access request procedures

  • Role based access control

  • Periodic review of privileges assigned to defined roles

  • Periodic review of user privileges

  • User access monitoring

Acceptable Use Policy

  • Policy documented and implemented

Data Classification and Handling Policy

  • Policy documented and implemented

Security and Awareness Training

  • HIPAA data security and privacy

  • Data classification and handling

  • Internal policies and procedures

  • General Information and security awareness

  • Phishing

  • Social Engineering

Secure Software Development Lifecycle

  • Planning and requirements

  • Architecture and design

  • Engineering principles

  • Test Planning

  • Coding

  • Testing and results

  • Release and maintenance

Integrated Security Processes

  • Security requirements

  • Architectural risk analysis

  • Static and Dynamic code review

  • Interactive security testing

  • Penetration Testing

  • Flaw and vulnerability remediation

Secure Coding Training for Developers

  • Developer awareness and training

About Exym

Exym is a comprehensive EHR software solution designed specifically for behavioral health agencies. Trusted for 20+ years, our intuitive and customizable software empowers providers to improve client outcomes, manage revenue cycles, and increase agency efficiency. Exym allows you to spend more time on what matters most: the clients in your care.

To learn more about Exym's IT and quality assurance capabilities, visit our Operations page and see how we can help simplify your agency's operation management and security compliance. Or, visit our Clinical page to see what Exym can do to support clinicians in streamlining documentation processes and protecting client data.

Jessica Carey
Post by Jessica Carey
May 30, 2023