AbleSpace believes privacy and data protection are core aspects of trust in today's technology-driven world. We take our security and privacy commitment to you and your students / clients very seriously. We are acutely aware that we need to earn and maintain your trust on a daily basis.
AbleSpace maintains appropriate administrative, physical, and technical safeguards to provide for continuing security & privacy of your PHI or ePHI.
1. AbleSpace, HIPAA and the HITECH Act
Under HIPAA, information about a person's health or healthcare services is classified as Protected Health Information (PHI).
AbleSpace customers that collect, transmit, and store PHI or ePHI are considered “Covered Entities” under HIPAA. Covered entities bear the primary responsibility of ensuring that their processing of PHI is compliant with HIPAA and the HITECH Act.
AbleSpace acts as a “Business Associate,” and shall transmit and store the Protected Health Information (PHI) of our customers solely for the purpose of performing our obligations under our existing contract(s) with our subscribers, and for no commercial purpose other than the performance of such obligations and improvement of the services we provide.
2. What is considered PHI under HIPAA Rules?
Under HIPAA, PHI is any identifiable health information that is used, maintained, stored, or transmitted by a HIPAA-covered entity (a healthcare provider, health plan or health insurer, or a healthcare clearinghouse) or a business associate of a HIPAA-covered entity, in relation to the provision of healthcare or payment for healthcare services.
It is not only past and current health information that is considered PHI under HIPAA Rules, but also future information about medical conditions or physical and mental health related to the provision of care or payment for care. PHI is health information in any form, including physical records, electronic records, or spoken information.
Therefore, PHI includes health records, health histories, lab test results, and medical bills. Essentially, all health information is considered PHI when it includes individual identifiers. Demographic information is also considered PHI under HIPAA rules, as are many common identifiers such as patient names, Social Security numbers, driver’s license numbers, insurance details, and birth dates when they are linked with health information.
3. Data Encryption
AbleSpace secures customer data with encryption both at rest and in transit. Data at rest is protected with 128-bit AES encryption, and data in transit is protected using industry-standard SHA-256 SSL certificates with RSA encryption. User passwords are hashed and are never stored in plain text.
4. What is a Business Associate?
The term “Business Associate” refers to those entities that perform a service related to claims processing or administration; data analysis processing or administration; utilization review; quality assurance; billing; benefit management; practice management; and repricing.
5. What is a Business Associate Agreement?
A Business Associate Agreement (BAA) is a contract between a Business Associate (AbleSpace) and a Covered Entity (you) that outlines the relationship between the parties as it pertains to the protection of PHI. We have incorporated a standard form Business Associate Agreement into the terms and conditions you accept when using AbleSpace to help you fulfill your obligations as a covered entity under HIPAA. If a separate document is needed, you can reach out to us at firstname.lastname@example.org.
6. Where is my data stored?
The data of AbleSpace customers will reside in the US with Amazon Web Services (AWS).