HIPAA compliance and privacy
Aculab conforms to HIPAA and HITECH regulations, which allows us to enter into HIPAA Business Associate Agreements (BAA) with our Covered Entity customers who provide healthcare platforms.
Suggestions for ensuring compliance include:
Authentication
Password authentication to access data such as recordings doesn’t alter the fact that such data is e-PHI and, if it is created, received, processed, stored or transmitted via Aculab Cloud, it is subject to the Privacy and Security Rules.
Encryption
Data sent over encrypted channels remains e-PHI and is subject to the Rules. Encrypting the data is an effective means of complying with the Rules and meeting your obligation.
SMS
You can’t send a short message over an encrypted channel; it remains plain text on transmission. Furthermore, an SMS sent to the patient includes the destination number, which could be used to identify the individual, thus qualifying the text as e-PHI. So, you need to ensure that the content of text messages contains no sensitive patient data.
Recordings
Voice recordings can be made by healthcare professionals and patients alike, and are subject to compliance. An effective method of protecting and securing recordings is to encrypt the file.
Message Playback
The process is similar, albeit in reverse, for playback of a .wav file, for example, to relay information in the form of a message to a patient. On receipt of the encrypted file for transmission, you should ensure the applicable key is available only at the time of decryption in order to play the message back.
Fax Handling
The process is similar when sending fax messages: on receipt of the encrypted fax for transmission, you should ensure the applicable key is available only at the time of decryption in order to transmit the fax. Again, the key should be received via a different route and destroyed after use, as with the original encrypted message.
Security
Committed to safeguarding your data
Security is a top priority at Aculab. We work hard to provide a safe platform to keep all data protected so you can focus on using the platform with confidence.
Physical security
Our Amazon AWS datacentres use multiple layers of operational and physical security to ensure the integrity and safety of your data, including restricted authorisation and constant surveillance.
Network security
Aculab is committed to providing a reliable network with guaranteed uptime for our global carrier interconnects. We use private AWS servers, datacentre firewalls, and encryption of data in transit.
Application security
Secure protocols are used to keep your communications secure over public networks. Encryption and multi-factor authentication are used via HTTPS.
Service security
Cloud Virtual Machine – Amazon’s Virtual Machines are designed to be secure by default, keeping Aculab Cloud highly secure.
Data privacy
Backup encryption, access limitations. Media files are stored in Aculab Cloud and held securely in Amazon S3.
Payment security
Private and secure payment – all transactions and payment information are protected by a third-party vendor, SagePay. Aculab Cloud does not see or store credit or debit card information.
Encryption
Free encryption for media file storage.
Encryption
Our encryption capabilities for media storage are not only used for meeting healthcare regulations. If you need to protect sensitive data such as voice recordings or fax image files, then take advantage of our free encryption capabilities.