trusted by...

  • eclinicalworks logo
  • 4com logo
  • Alert solutions logo
  • Algar logo
  • Atos Unify logo
  • Avaya logo
  • AVST logo
  • Bequick logo
  • Brekeke logo
  • BT logo
  • BTS logo
  • C3 logo
  • Callglide logo
  • Cambridge NHS logo
  • Capgemini logo
  • Capita logo
  • Cisco logo
  • Comsys logo
  • eClinicalWorks logo
  • ForgeRock logo
  • Globitel logo
  • HTK logo
  • I-Tel logo
  • itsonix logo
  • IPI logo
  • JTEL logo
  • Kapsch logo
  • 4Com logo
  • EnghouseNetworks logo
  • TT united logo
  • Materna logo
  • MyForce logo
  • Netcall logo
  • Network rail logo
  • NHS logo
  • Nixxis logo
  • Nomidio logo
  • NSF logo
  • Octalogo
  • Onvisource logo
  • PBX central logo
  • Phact logo
  • Puzzel logo
  • Redwood technologies logo
  • Resilient logo
  • Siemens logo
  • Syntec logo
  • Telmex logo
  • Thales logo
  • T Systems logo
  • VirtuaTell logo
  • Voiscape logo
  • Vonage logo
  • Wingcon logo

Aculab conform to HIPAA and HITECH regulations, which allows us to enter into HIPAA Business Associate Agreements (BAA) with our Covered Entity customers who provide healthcare platforms.

HIPAA & HITECH compliance

Suggestions for ensuring compliance include:

Security compliance
  • Authentication

    Password authentication to access data such as recordings doesn’t alter the fact that such data is e-PHI and, if it is created, received, processed, stored or transmitted via Aculab Cloud, it is subject to the Privacy and Security Rules.


    Data over encrypted channels remains e-PHI and is subject to the Rules. Encrypting the data is an effective means of complying with the Rules and meeting your obligation.

  • Messaging

    You can’t send a short message over an encrypted channel; it remains plain text on transmission. Furthermore, an SMS sent to the patient includes the destination number, which could be used to identify the individual, thus qualifying the text as e-PHI. So, you need to ensure that the content of text messages contains no sensitive patient data.


    Voice recordings can be made by healthcare professionals and patients alike, and are subject to compliance. An effective method of protecting and securing recordings is to use Aculab Cloud to encrypt the file.

Security compliance
Security compliance
  • Message Playback

    The process is similar, albeit in reverse, for playback of a .wav file, for example, to relay information in the form of a message to a patient. On receipt of the encrypted file for transmission, you should ensure the applicable key is available only at the time of decryption in order to play the message back.

    Fax Handling

    The process is similar when sending fax messages, on receipt of the encrypted fax for transmission, you should ensure the applicable key is available only at the time of decryption in order to transmit the fax. Again, the key should be received via a different route and destroyed after use, as with the original encrypted message.



  • Our encryption capabilities for media storage are not only used for meeting healthcare regulations. If you need to protect sensitive data such as voice recordings or fax image files, then take advantage of our free encryption capabilities

Security encryption