How We Protect Your Data
At Awrel, we take the security and durability of your data very seriously.
We know that our customers must ensure the confidentiality of protected patient information pursuant to HIPAA. We understand the sensitivities of keeping patient health data private. We know that a HIPAA violation could have a significant impact on your business success. Fines are often steep and, for some, the cost of a tarnished reputation is insurmountable.
We carefully selected our technology partner based upon their solid experience and history of success in ensuring full compliance with HIPAA rules and regulations for Protected Health Information (PHI). Additionally, we use many of the same techniques that are standard in banks and major corporations to protect our systems.
All communication between your Awrel application and our back-end system is encrypted. Even when users are on insecure networks, such as at an airport or coffee shop, no one can access your data. We use industry-standard AES encryption for stored data.
Our storage and servers are redundant, so if something fails, we can recover quickly. Data is continuously backed up in case of disaster. Our servers reside in a physically secure data center, which is monitored 24 hours a day, 365 days per year. We continuously identify and apply security patches for all of the software we use.
With the following HIPAA Compliance Statement, we ensure that our customers (who are “Covered Entities” under HIPAA) know that Awrel is aware of HIPAA requirements and that we will do our part to help ensure that patient data is kept confidential. This statement is not intended to take the place of a Business Associate Agreement.
We have instituted policies and procedures to ensure that such data is kept confidential, including but not limited to the following:
Privacy and Security Rule(s):
To protect the privacy and security of the PHI, we have implemented the following processes:
- All data stored encrypted with 256-bit Advanced Encryption Standard in Cipher Block Chaining mode
- All data encrypted as it is transmitted between computers and devices
- No PHI persisted on phone or client local system
- Email address verification
- Restricted access to PHI on a need-to-know basis (via passwords and company policy)
- Restricted outside access to all servers and production workstations
- Automated data backups
- Data backups stored in secured, safe, world-class data centers
- Automated virus checking
- Report any noncompliance of which we become aware
- Upon reasonable notice and during normal business hours, allow the Secretary of the United States Department of Health and Human Services the right to audit our records and practices related to the use and disclosure of PHI to ensure compliance
- Named a HIPAA Security Official who creates, maintains and provides training on our HIPAA policies and procedures
- All employees with access to PHI receive training on our policies and procedures according to HIPAA mandates
- All Awrel employees are required to sign a confidentiality agreement as part of their employment contract
Data Is Protected from Unauthorized Viewing:
Access is restricted via password to only those Awrel employees who have a need to know. Servers and data storage units are in a secured computer room with limited access. Data is received and forwarded via automated, electronic processes where no direct human intervention is required. Access or viewing of PHI is only allowed when required to provide further support to the Covered Entity.
Proper Disposal of Data:
At the end of a Covered Entity’s contract with Awrel, their data is deleted from our servers. No printed reports or paper copies are ever retained in our facility.