avail® services and data are hosted in Amazon Web Services (AWS) regions in the USA (us-east-1, N. Virginia), the EU (eu-west-1, Ireland) and Canada (ca-central-1, Canada Central).
The avail® service builds on the security controls of the AWS cloud platform. In addition, the bespoke avail® application follows industry best practices for identity and access management (IAM), secure coding and configuration management to protect the integrity of user identities and access rights.
All data sent to or from avail® is encrypted in transit with 256-bit encryption. Every internet connection to the avail® service is made over TLS (the successor to SSL) using publicly trusted certificates, so data transferred between user and server cannot be read or modified by a third party. The avail® servers themselves run inside a virtual private cloud (VPC) whose network access control lists (ACLs) stop unauthorized requests from reaching the avail® internal network.
Additionally, the avail® service uses an encrypted database, adding a further layer of protection by preventing unauthorized access to the underlying storage and meeting compliance requirements for encryption of data at rest. Database logs and backups generated during service maintenance are encrypted as well.
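The in-transit claim above (TLS rather than SSL, 256-bit encryption, trusted certificates) is something a customer can verify from the outside. The following is an added example written for this page, not avail®'s own code or tooling: it connects to a hostname you supply (the hostname is an assumption, nothing here names an avail® endpoint), validates the certificate against the system trust store, and checks the negotiated protocol and cipher against a policy. The policy itself is the example author's reading of "256-bit encryption in transit": TLS 1.2 or later, a 256-bit symmetric cipher, and a forward-secret key exchange.

```python
"""Added example, not avail's own code: verify a TLS endpoint against an
in-transit encryption policy (TLS >= 1.2, 256-bit cipher, forward secrecy).
The policy thresholds below are the example author's assumptions."""
import socket
import ssl
import sys

ALLOWED_PROTOCOLS = ("TLSv1.2", "TLSv1.3")
MIN_CIPHER_BITS = 256


def evaluate_cipher(cipher):
    """Evaluate the (name, protocol, bits) tuple that ssl.SSLSocket.cipher()
    returns. Returns a list of policy violations; an empty list means the
    negotiated parameters pass the policy."""
    name, protocol, bits = cipher
    problems = []
    if protocol not in ALLOWED_PROTOCOLS:
        # SSLv3, TLS 1.0 and TLS 1.1 are all deprecated; "SSL" on a
        # marketing page normally means TLS, and this check confirms it.
        problems.append(f"protocol {protocol} is below TLS 1.2")
    if bits < MIN_CIPHER_BITS:
        problems.append(
            f"cipher {name} uses a {bits}-bit key, policy requires {MIN_CIPHER_BITS}"
        )
    # TLS 1.3 suites are always forward secret; for TLS 1.2 the OpenSSL
    # name must start with an ephemeral key exchange (ECDHE or DHE).
    if protocol != "TLSv1.3" and not name.startswith(("ECDHE", "DHE")):
        problems.append(f"cipher {name} has no forward secrecy")
    return problems


def check_endpoint(host, port=443, timeout=5.0):
    """Open a verified TLS connection and evaluate what was negotiated.
    A certificate that does not chain to the system trust store, or a
    hostname mismatch, raises ssl.SSLCertVerificationError (fail closed)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cipher = tls.cipher()
            return cipher, evaluate_cipher(cipher)


if __name__ == "__main__":
    # Usage: python tls_check.py app.example.com   (hostname is an assumption)
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    negotiated, issues = check_endpoint(target)
    print(f"{target}: negotiated {negotiated}")
    for issue in issues:
        print(f"  FAIL: {issue}")
    sys.exit(1 if issues else 0)
```

A clean result prints something like `('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)` with no FAIL lines; an `AES256-SHA` suite over TLS 1.0 would fail on both protocol and forward secrecy even though it is nominally "256-bit", which is why the key length alone is not the whole claim.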
What is GDPR?
The General Data Protection Regulation (EU) 2016/679 known as GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
The GDPR is a single set of rules that aim primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It also addresses the export of personal data outside the EU and EEA areas.
How has the avail® service achieved compliance?
Avail Support Ltd. (avail®) is committed to GDPR compliance and the secure and correct handling of all data across the service, but in particular personal data.
Avail Support Ltd. (avail®) acts as a "data processor" under GDPR and as such undertakes to implement all appropriate technical and organisational measures to ensure the security of the data it processes.
Any compliance or GDPR related questions should be sent to this email address: firstname.lastname@example.org
Avail Support Ltd. (avail®) collects, holds, processes and shares personal data, a valuable asset that must be suitably protected. Every care is taken to protect personal data from incidents, whether accidental or deliberate, in order to avoid a data protection breach that could compromise security.
Compromise of information confidentiality, integrity or availability may result in harm to individuals, reputational damage, a detrimental effect on service provision, legislative non-compliance and/or financial costs.
For this reason, Avail Support Ltd. (avail®) has implemented company and system policies and processes to protect all data handled by the service.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 and is designed to make it easier for individuals to keep health insurance coverage when they change or lose employment. The legislation has also driven the adoption of electronic health records, through information sharing, to improve the efficiency and quality of the American healthcare system.
Along with increasing the use of electronic medical records, the law includes provisions (included in what are known as Administrative Simplification Rules) to protect the security and privacy of protected health information (PHI). PHI includes health-related data, from insurance and billing information to lab results and diagnosis and clinical care data. These HIPAA Rules apply to covered entities—such as hospitals, medical services providers, employer-sponsored health plans, research facilities, and insurance companies—that deal directly with patients and patient data. The law and the regulations that implement the law also are extended to business associates of covered entities.
And what is HITECH?
In 2009, HIPAA was expanded by the Health Information Technology for Economic and Clinical Health (HITECH) Act, which is Title XIII of the American Recovery and Reinvestment Act. HIPAA and HITECH establish a set of federal standards intended to protect the security and privacy of PHI. These standards affect the use and disclosure of PHI by covered entities and their business associates. HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities.
avail® HIPAA Compliance
Because HIPAA is a set of federal regulations, there is no HIPAA certification. Instead, the avail® service maintains compliance with the HIPAA regulations under the Shared Responsibility Model: responsibility is shared with the hosting provider, Amazon Web Services, and the split of responsibilities is described in the infographic below. Avail Support Ltd. and AWS have entered into a HIPAA Business Associate Agreement (BAA) in which each undertakes to provide the systems and processes needed to achieve the required level of security and confidentiality throughout the creation, use, maintenance and storage of users' PHI.
Source: Shared Responsibility Model (AWS)