SPHER is designed to meet specific HIPAA Privacy & Security requirements


Healthcare has Changed

The HITECH Act (Meaningful Use) has rapidly accelerated the adoption of Electronic Health Records across the entire healthcare spectrum, making patient health data readily available to those that need access to it. A core benefit of the EHR, centralization, made it so that clinicians can all view and contribute to a unique record for each patient at any time, from any location.



The Dilemma

Initially believed to represent a massive step forward in terms of security when compared to the paper-based medical record, EHRs simply shifted the attack vectors. What was once a single paper record laid open and exposed on a desk or a nurse’s cart is now a digital record available to any authorized user, instantly and remotely.

Percentage of breaches caused by users who have authorized access to patient data


The Challenge

HIPAA requires that all healthcare organizations have policies and procedures in place to monitor the daily activity that occurs on the EHR for suspicious user activity. This is done through the regular analysis of EHR audit logs. Should a suspicious event occur, the event must be documented, investigated, and resolved in a consistent manner.


The Solution

To address the above challenge, the Office of Civil Rights (OCR) requires the following HIPAA Security Standards to be in place at all healthcare organizations, regardless of size. Below is a description of each OCR standard and how SPHER meets that standard.

*Not a single SPHER customer has failed an OCR or CMS audit due to not meeting the HIPAA Security Standards that SPHER addresses.


Privacy Policy

SPHER, Inc. understands the importance of protecting PHI and our Client’s privacy. 

This Privacy Policy describes:

  • Data Collected: the personal data that SPHER, Inc. collects from and about you, as a solution user or other prospective customer, and as a services account holder;
  • Use of Data: the ways that SPHER, Inc. uses that data, including the ways that it may combine data it collects from you with data it acquires about you from other sources; and
  • Disclosure of Data to Others: the circumstances under which SPHER, Inc. might share your personal data with others.

Please contact us at if (i) you wish to find out more about our use and disclosure of your information and how to limit it, (ii) you wish to exercise your right to access, amend, or delete any personal data we hold about you that you are unable to accomplish by means of the administrative features of the services;  or (iii) you have any other questions or concerns about this policy.

Please note that this Privacy Policy describes SPHER, Inc.’s privacy policies with respect to personal data that it collects and controls for its own use and for the purpose of managing its customer accounts.  This Privacy Policy does not cover personal data that SPHER, Inc.’s customers or end users process by means of the SPHER, Inc. services. 

  • If you are a SPHER, Inc. customer, SPHER, Inc.’s use of PHI access data that you process by means of the SPHER, Inc. services is subject to SPHER, Inc.’s services terms and any applicable business associate agreement, confidentiality agreement or data privacy agreement that SPHER, Inc. has entered into with you.

Data Collected

SPHER, Inc. limits the collection of personal information to only that which is relevant for reasonably serving customer relations, compliance and legal considerations, auditing, security and fraud prevention, preserving or defending our legal rights, communicating with you as a prospective customer, improving products and services, facilitating billing and collections activities, and other purposes consistent with the expectations of a reasonable person given the context of the collection.  SPHER, Inc. takes reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current.

Site Visitors

Our Web server may capture any or all of the following: your IP address, the time and duration of your visit, and the pages on the site that you visit. It may also collect information about your browser, device, location and other information of the type collected by Web servers generally. We may also use Web analytics tools to capture information about your use of the site, such as mouse clicks and scrolling activity. We may tie this information to personally identifying information we have about you.

We use “cookies,” “web beacons,” “pixel tags” and other techniques to associate you or your browser or device with your activity on the site. Please see the section below captioned “Online Data Collection Technologies” for more information regarding our use of these techniques and your ability to restrict our collection of data in this manner.

We use third party Web analytics tools to capture information about your use of the site, such as mouse clicks and scrolling activity.  For example, we may use Google Analytics. The providers of these tools may capture data about your activity on our site, via cookies and other techniques. 

If you arrive at our site by clicking on an advertisement or content published by a third party, that third party may provide information to us about your activity on their site.  For example, we may use Google AdWords or other third party advertisers, or may sponsor links on other third party sites.  

Use of Data

Generally, SPHER, Inc. uses the personal and other data it collects to provide its services, operate its website efficiently, and provide a good quality experience for website visitors. SPHER, Inc. may use the information to send you email or other communications about SPHER, Inc.’s or third parties’ content, product or services. SPHER, Inc. only uses and processes personal data for purposes compatible with the original purpose of collection or as subsequently authorized by you. If you do not wish to receive information from SPHER, Inc. via email, you may unsubscribe from our email list at any time by following the link in the communication.

Disclosure of Data to Others

We will not disclose your personal data to third parties except as follows:

  • When we believe release is appropriate to comply with the law, such as in response to lawful requests by public authorities to meet national security or law enforcement requirements.
  • To enforce our services agreement and other rights, or to protect the rights and safety of others. This may include exchanging information with government regulatory or law enforcement agencies, or with other companies and organizations for fraud protection and legal compliance.
  • The SPHER site is hosted by a third party and we use third party infrastructure monitoring services. These third parties may have inadvertent or incidental access to your data.  These providers are not authorized to further disclose your data or to use your data for any purpose other than providing services to us.
  • As part of a sale of our assets or a merger of our company. We may in the future sell all or part of our assets or be involved in a merger. It is customary for personal information to be included with the transferred assets in these types of transactions.


Online Data Collection Technologies

A cookie is a small text file that is placed on your device, typically a string of numbers and letters.  The cookie is used to uniquely identify your device.   Whoever places the cookie will typically use the information to associate each of your site or services visits to your device, and to you personally if the cookie placer has information that identifies you personally to your device.  Most browsers include features that enable you to block or restrict cookie placement.  If you disable or restrict cookies, you may not be able to use all of the features of the site or service that placed the cookie.

Security:  We will use reasonable security measures to protect your personal data from unauthorized use and disclosure.

Data Retention:  We will destroy all PHI access data when we are no longer using it for the purposes described in this Privacy Policy unless we are required to retain it by applicable law.  If we are required to retain your PHI access data after the time that we are no longer using it as described in this Privacy Policy due to a legal requirement we will only use your PHI access data for the purpose of complying with a legal requirement. 

Contact Information

SPHER, Inc.’s privacy practices are managed by April Hill, its Compliance Officer.  You may contact her via email at Her address is:

April Hill
Compliance Officer
19300 S. Hamilton Ave. Ste. 250
Gardena, California 90248


Revision date August 20, 2018