HIPAA Compliance Statement

1. What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law that establishes national standards for protecting the privacy and security of Protected Health Information (PHI). HIPAA applies to healthcare providers, health plans, healthcare clearinghouses, and their business associates.

Ausmo App is committed to maintaining HIPAA compliance to ensure the privacy and security of health information for all users, particularly when working with healthcare providers and therapists who are HIPAA-covered entities.

2. Our HIPAA Compliance Framework

2.1 Administrative Safeguards

• Security management processes with risk analysis and mitigation
• Assigned security responsibility with dedicated privacy officers
• Workforce security training and authorization procedures
• Information access management with role-based controls
• Security awareness and training programs
• Security incident response procedures
• Contingency planning and disaster recovery
• Regular compliance audits and assessments

2.2 Physical Safeguards

• Secure data center facilities with restricted access
• Workstation security policies and procedures
• Device and media controls for data storage
• Secure disposal procedures for PHI
• Environmental controls and monitoring

2.3 Technical Safeguards

• Access controls with unique user identification
• End-to-end encryption for data in transit and at rest
• Audit controls and logging of all system activities
• Integrity controls to ensure data is not altered or destroyed
• Automatic log-off after periods of inactivity
• Encryption and decryption mechanisms

3. Protected Health Information (PHI)

When used by HIPAA-covered entities (such as healthcare providers and therapists), Ausmo App may handle the following types of PHI:

• Patient/child names and contact information
• Medical diagnoses and treatment information
• Therapy session notes and progress reports
• IEP goals and treatment plans
• Communication patterns and AAC usage data
• Healthcare provider communications

All PHI is protected with the same rigorous security measures, regardless of the user role accessing the information.

4. Business Associate Agreements (BAA)

Ausmo App enters into Business Associate Agreements with HIPAA-covered entities who use our platform. Our BAAs include:

• Permitted and required uses of PHI
• Safeguards to prevent unauthorized use or disclosure
• Breach notification requirements
• PHI access, amendment, and accounting obligations
• Subcontractor requirements and agreements
• Termination provisions and data return/destruction

Healthcare providers and covered entities can request a BAA by contacting us at compliance@ausmoapp.com

5. Data Encryption and Security

5.1 Encryption Standards

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• End-to-end encryption for messaging and communications
• Encrypted backups with secure key management

5.2 Access Controls

• Multi-factor authentication (MFA) support
• PIN security with biometric authentication (Face ID, Touch ID)
• Role-based access control (RBAC) with minimum necessary access
• Session timeout and automatic logout
• Audit logging of all PHI access

6. Breach Notification

In accordance with the HIPAA Breach Notification Rule, Ausmo App will:

• Notify affected covered entities within 60 days of discovery of a breach
• Provide detailed information about the breach, including affected individuals
• Document all security incidents and breach assessments
• Assist covered entities in fulfilling their notification obligations
• Implement corrective actions to prevent future breaches

We maintain a comprehensive incident response plan and conduct regular security assessments to minimize the risk of breaches.

7. User Rights Under HIPAA

When your healthcare provider uses Ausmo App, you have the following rights regarding your PHI:

• Right to access and obtain copies of your PHI
• Right to request amendments to your PHI
• Right to an accounting of disclosures
• Right to request restrictions on uses and disclosures
• Right to request confidential communications
• Right to file a complaint if you believe your privacy rights have been violated

To exercise these rights, please contact your healthcare provider directly or reach out to our Privacy Officer at privacy@ausmoapp.com

8. Subcontractors and Third Parties

Ausmo App carefully vets all subcontractors and third-party service providers who may have access to PHI:

• All subcontractors must sign Business Associate Agreements
• Regular security assessments of subcontractor practices
• Limited access to PHI based on minimum necessary principle
• Contractual obligations for data protection and breach notification
• Regular compliance audits and reviews

9. Training and Workforce Compliance

All Ausmo App employees and contractors with access to PHI receive:

• Comprehensive HIPAA training upon hiring
• Annual refresher training and updates
• Security awareness training
• Incident response training
• Role-specific privacy and security training

Employees must sign confidentiality agreements and are subject to disciplinary action for HIPAA violations.

10. Audit and Compliance Monitoring

Ausmo App maintains comprehensive audit capabilities:

• Detailed logging of all PHI access and modifications
• Regular security audits and vulnerability assessments
• Penetration testing by independent third parties
• Compliance reviews and risk assessments
• Continuous monitoring of security controls
• Annual HIPAA compliance assessments

11. Data Retention and Disposal

Ausmo App follows strict data retention and disposal policies:

• PHI retained according to covered entity requirements and legal obligations
• Secure deletion methods that make data unrecoverable
• Documented disposal procedures for all media types
• Regular purging of unnecessary data
• Backup data securely destroyed when no longer needed

12. Contact Information

For questions about HIPAA compliance, Business Associate Agreements, or to report a security concern:

13. Updates to This Statement

We may update this HIPAA Compliance Statement periodically to reflect changes in our practices, technologies, or legal requirements. Covered entities will be notified of material changes that affect their Business Associate Agreements.

The current version is always available at ausmoapp.com/hipaa