HIPAA, Privacy, and Security at Rownd

One of our core principles at Rownd is that “we believe everyone deserves individual data privacy and security.” Most don’t know that Rownd started as a data privacy company before refocusing on cross-domain/device authentication, and the platform is built from the ground up to be secure and private.

Although HIPAA mostly focuses on healthcare, we built Rownd in a way that brings the principles of HIPAA to the rest of the industry. Rownd is “HIPAA ready” to hold medical and patient data, or we can authenticate users to access the patient data being held in our customers’ databases.

HIPAA requires a focus on encryption at rest, encryption in transit, a high level of certainty that a user is who they say they are (i.e., 2FA), and strict classification of data types. Again, Rownd is in a great position here because our entire platform is built to meet these needs.

Content gating: Don’t turn a hotel into a safe

Rownd has a feature called “content-gating” (or auth gating). This is a simple, low-code method for our customers to add a higher level of auth around a particular part of the website. For fintech and health-tech companies, this is critical since 90%+ of their app does not have critical data displayed, yet they usually have to treat it all as critical.

Think of a hotel safe. Most hotel rooms have a little room safe where you can hold valuables. That safe has a combination, is usually built out of thick, expensive metal, and can survive a power drill for 30 minutes. Think of the safe combo as being 2FA and the contents of the safe as the HIPAA or PCI data. That safe is usually in a closet, the closet is in a room that has key card access, and that room is in a hotel that has a wide-open lobby. Visitors can walk right in, look around, and even sit down and grab a drink at the hotel bar. They can even walk around to look at the pool and inspect the overall vibe of the place. This is an ideal experience: protect the most valuable items with multi-factor, and open up parts of the experience, with no restrictions, to those just looking around.

But most apps are built the opposite way: they put the combination and keycard outside of the hotel and basically build a giant safe around the whole building. The experience is worse for everyone. New users are on the outside, and existing users need to use 2FA even if they have no HIPAA data.

Rownd makes the experience closer to the former: protected data is protected with 2FA and re-verification, and the rest is open for easy access.

Case Study: A Nurse Credentialing company adds Rownd to add COVID vaccination status

One of our more interesting customers had a problem in the middle of the COVID-19 pandemic: how could they add HIPAA data to their app quickly? Enter Rownd. Rownd made it easy for them to not only add HIPAA data (a picture of their vaccination card) but also to show customers how much they cared about data privacy.