At Worksphere, we are committed to the security and privacy of your data. This article explains how we protect your information, privacy and security in support of your organization’s compliance needs.
All data is stored using industry best-practice standards and only accessed over HTTPS, using TLS v1.2 and above. Organization data is logically separated and housed in a dedicated, network-isolated, secure database.
All application data is encrypted both at rest and in transit. AES-256 encryption is used at rest, and TLS 1.3 is supported in transit.
Worksphere never directly stores or has access to sensitive information such as passwords, or full credit card or bank account information.
Customer data is never shared, except with sub-processor vendors who are only allowed to use it to assist us in providing our services. Privacy and security assessments are conducted for each vendor used by the supplier. Vendors must be SOC 2, SOC 3, ISO 27001/27701, Privacy Shield, or STAR certified.
A full list of sub-processors used by Worksphere is available.
All network requests are routed through Cloudflare, a web application firewall. Cloudflare also protects network security by detecting and blocking anomalous network activity through an automated IP reputation-based captcha challenge system.
All system login attempts, application requests, and database access logs are monitored for unauthorized access.
Worksphere conducts regular vulnerability scanning, including automated vulnerability scans of our software.
Frequently Asked Questions
Is Worksphere HIPAA compliant? Yes. In general, the HIPAA Rules do not apply to employers or employment records. HIPAA only applies to HIPAA covered entities, which include health care providers, health plans, and health care clearinghouses – and, in specific cases, to their business associates.
How is employee wellness survey information handled? Worksphere does not store or process the individual answers to wellness surveys. Only the outcome of a survey is stored and transmitted, indicating whether an employee has passed the survey and is allowed in the office. Any answers to individual questions are never saved by or transmitted to Worksphere.
Are employers allowed to ask for employee vaccination status information? Yes. According to the U.S. Department of Health & Human Services (HHS): “If an employer asks an employee to provide proof that they have been vaccinated, that is not a HIPAA violation, and employees may decide whether to provide that information to their employer.” We recommend working with your legal team on the best approach for your company.
How is employee vaccination data handled? Employee vaccination data is securely transmitted and stored. It is only accessible to the employee who submitted it and to designated administrators in Worksphere. This data meets the same high standards outlined above in our section on Data Security, including encryption in transit and at rest.