HIPAA Compliance
Information about CogQuiz's compliance with the Health Insurance Portability and Accountability Act.
CogQuiz is designed for employment screening, not healthcare operations. Our platform does not process Protected Health Information (PHI) as defined by HIPAA.
Our Position
CogQuiz collects behavioral data (typing patterns, mouse movement, response timing) to assess whether a job candidate is human. We do not collect, store, or process any health information, medical records, or Protected Health Information (PHI) as defined under HIPAA.
Data We Collect
We collect only data necessary for human verification:
- Typing rhythm and keystroke timing patterns
- Mouse movement trajectories and speed
- Test responses and completion timing
- Candidate name and email (provided by employer)
We do not collect health data, medical records, or any information that would constitute PHI.
Security Measures
Even though HIPAA may not directly apply, we implement healthcare-grade security practices:
- AES-256 encryption for data at rest
- TLS 1.2+ for all data in transit
- Annual third-party security audits
- Access controls and audit logging
- Employee security training
For Healthcare Employers
If you are a healthcare organization using CogQuiz for employment screening, we can provide a Business Associate Agreement (BAA) upon request. Contact compliance@cogquiz.com.
Questions
For questions about our data practices or HIPAA compliance, contact compliance@cogquiz.com.