HIPAA compliance and privacy
Aculab conform to HIPAA and HITECH regulations, which allows us to enter into HIPAA Business Associate Agreements (BAA) with our Covered Entity customers who provide healthcare platforms.
Suggestions for ensuring compliance include:
Password authentication to access data such as recordings doesn’t alter the fact that such data is e-PHI and, if it is created, received, processed, stored or transmitted via Aculab Cloud, it is subject to the Privacy and Security Rules.
Data over encrypted channels remains e-PHI and is subject to the Rules. Encrypting the data is an effective means of complying with the Rules and meeting your obligation.
You can’t send a short message over an encrypted channel; it remains plain text on transmission. Furthermore, an SMS sent to the patient includes the destination number, which could be used to identify the individual, thus qualifying the text as e-PHI. So, you need to ensure that the content of text messages contains no sensitive patient data.
Voice recordings can be made by healthcare professionals and patients alike, and are subject to compliance. An effective method of protecting and securing recordings is to encrypt the file.
The process is similar, albeit in reverse, for playback of a .wav file, for example, to relay information in the form of a message to a patient. On receipt of the encrypted file for transmission, you should ensure the applicable key is available only at the time of decryption in order to play the message back.
The process is similar when sending fax messages, on receipt of the encrypted fax for transmission, you should ensure the applicable key is available only at the time of decryption in order to transmit the fax. Again, the key should be received via a different route and destroyed after use, as with the original encrypted message.
Committed to safeguarding your data
Security is a top priority at Aculab. We work hard to provide a safe platform to keep all data protected so you can focus on using the platform with confidence.
Our Amazon AWS datacentres use multiple layers of operational and physical security to ensure the integrity and safety of your data, including restricted authorisation and constant surveillance.
Aculab is committed to providing a reliable network with guaranteed uptime for our global carrier interconnects. Use of private AWS servers, datacentre firewalls, and encryption of data in transit.
Secure protocols are used to keep your communications secure over public networks. Encryption and multi-factor authentication is used via HTTPS.
Cloud Virtual Machine – Amazon’s Virtual Machines are designed to be secure by default keeping Aculab Cloud highly secure.
Backup encryption, access limitations. Media files are stored in Aculab Cloud and held securely in Amazon S3.
Private and secure payment – all transactions and payment information is protected by a third party vendor, SagePay. Aculab Cloud does not see or store credit or debit card information.
Free encryption for media file storage.
Our encryption capabilities for media storage are not only used for meeting healthcare regulations. If you need to protect sensitive data such as voice recordings or fax image files, then take advantage of our free encryption capabilities.