Security and Compliance
At Digital Healthcare Solutions LLC, we take the security and privacy of your data seriously. Our platform, Axon AI (getaxon.ai), is designed with robust security measures to protect sensitive information, including Protected Health Information (PHI), in compliance with the Health Insurance Portability and Accountability Act (HIPAA).
1. HIPAA Compliance
We are committed to maintaining the confidentiality, integrity, and availability of PHI. Our services are designed to be fully compliant with HIPAA regulations, and we have implemented administrative, physical, and technical safeguards to protect your data.
a. Business Associate Agreement (BAA)
We enter into a Business Associate Agreement (BAA) with all covered entities to outline our responsibilities in handling PHI. The BAA ensures that both parties understand and comply with HIPAA requirements. You can request a BAA through the settings page of your account.
b. Data Encryption
All PHI is encrypted both in transit and at rest using industry-standard encryption protocols. This ensures that your data is secure from unauthorized access during transmission and storage.
c. Access Controls
We implement strict access controls to ensure that only authorized personnel can access PHI. User authentication mechanisms, including strong password policies and multi-factor authentication, are in place to prevent unauthorized access.
d. Audit Logs
Our systems maintain detailed audit logs of all access and actions performed on PHI. These logs are regularly reviewed to detect and respond to any unauthorized activities.
e. Employee Training
All employees undergo regular training on HIPAA compliance and data security best practices. This ensures that everyone involved in handling PHI is aware of their responsibilities.
2. Data Security Measures
In addition to HIPAA-specific measures, we implement comprehensive security protocols to protect all user data.
a. Secure Infrastructure
Our servers are hosted in secure data centers that comply with industry standards for physical security and environmental controls.
b. Regular Security Assessments
We conduct regular security assessments, including penetration testing and vulnerability scans, to identify and address potential security risks.
c. Incident Response Plan
We have a robust incident response plan in place to quickly address and mitigate any security incidents or breaches, ensuring minimal impact on our users.
3. User Responsibilities
While we take extensive measures to protect your data, security is a shared responsibility. Users are expected to take appropriate steps to safeguard their account credentials and comply with all applicable laws and regulations, including HIPAA.
a. Account Security
Users should use strong, unique passwords for their accounts and keep their login information confidential. Notify us immediately if you suspect any unauthorized access to your account.
b. PHI Handling
Users are responsible for ensuring that any PHI uploaded or shared on Axon AI complies with HIPAA regulations. This includes obtaining necessary consents and authorizations from patients.
4. Data Retention and Deletion
We retain user data, including PHI, only as long as necessary to provide our services or as required by law. Users can request deletion of their data in accordance with our data retention policies.
5. Updates to Security Practices
We continually update our security practices to adapt to new threats and regulatory requirements. Users will be notified of significant changes to our security policies or procedures.
6. Contact Information
If you have any questions or concerns about our security practices or HIPAA compliance, please contact us at support@getaxon.ai.