Abartys Health Commitment to HIPAA Compliance

Abartys Health is committed to protecting the privacy of members’ health information, and to complying with applicable federal and state laws that protect the privacy and security of a member’s health information.

Abartys Health has adopted a number of internal safeguards to prevent the unauthorized use, alteration, or disclosure of PHI orally, in writing, or transferred electronically throughout the company. These safeguards include administrative procedures, physical protections, and technology security solutions. Abartys Health will continue to maintain adequate administrative, technical and physical safeguards to protect the privacy of PHI from unauthorized use or disclosure, whether intentional or unintentional, and from theft and unauthorized alteration. Safeguards are also utilized to effectively reduce the likelihood of use or disclosure of PHI that is unintended and incidental to a use or disclosure in accordance with Abartys Health policies and procedures.

HIPAA compliance is an ongoing process, and we are committed to continued compliance through periodic review of our internal policies and procedures and technological assessments as our organization grows and our technology evolves.

Your security is our priority

Ensuring your security is just as important to us as delivering a consistent, thoughtful user experience. We have various measures and policies in place to protect the data of all our users. We strongly believe in transparency when it comes to security and have outlined our practices below for your knowledge.

COMPLIANCE

Abartys Health continuously seeks to protect your data with the highest standards in the industry, which is why we’ve worked to achieve compliance with HIPAA, among other industry standards, as required.

WE TREAT YOUR DATA WITH CARE

We have strict policies about who can access our servers. Abartys Health servers can only be accessed from our environment firewall on AWS, and only operational team members can access that environment. Our operational team members are restricted from accessing the servers except for authorized routine checks and further investigation into user feedback such as bugs. Abartys Health users have ZERO direct access to our servers.

WE USE A TOP-NOTCH DATA CENTER

We use Amazon Web Services (AWS) for our data center. AWS is the most used and reliable hosting service in the world. Their security standards are unrivaled, and their services are designed for high-volume data center operations. AWS offers expert insights on operational services—they always have us and you covered. AWS has multiple data centers that are dispersed in remote areas around the world. Even if a data center is down due to failure, a recovery data center can seamlessly continue service.

WE BACK UP YOUR DATA FOR PEACE OF MIND

Abartys Health has two countermeasures in case of server failure, human error, etc.

  1. The database server forwards data to another server in real-time and copies in an instant. What does this mean for your data? If the database server fails for any reason, it is possible to resume using Abartys Health with cloned data.
  2. A full backup for Abartys Health data is done once per day. What does this mean for your data? If we lose messages due to an operational mistake, we can roll back the messages to the previous two weeks.

Backup data stored in AWS is housed in an extremely durable facility(*), so the probability of data being lost due to a failure is almost equal to zero.

(*) AWS states its storage durability is 99.999999999%. If we store 10,000 objects with AWS, on average, we may lose one of them every 10 million years or so. (Document: https://aws.amazon.com/blogs/aws/new-amazon-s3-reduced-redundancy-storage-rrs/)

WE PROHIBIT UNAUTHORIZED ACCESS

We have powerful systems in place to protect against application vulnerability and prevent malicious third parties from accessing your data on Abartys Health.

ALL HTTP CONNECTIONS ARE ENCRYPTED

Your communications and transactions are secure and confidential when you successfully sign in to our secure websites with an Email/Access ID and password. We use Transport Layer Security (TLS) to help keep your information confidential while you conduct business on our secure websites. TLS helps ensure the integrity and confidentiality of your online transactions by creating a uniquely encrypted transmission over the Internet between your web browser and Abartys Health.

AUTHENTICATION OF YOUR IDENTITY

We will only grant access to your account after the proper Email/Access ID and password have been entered. When you successfully sign in to our secure websites, your browser will establish a secure connection between your computer and our web servers using Transport Layer Security (TLS), which helps prevent your information from being tampered with during transmission across the Internet.
All modern web browsers include mechanisms that indicate when online connections are secure. Often a lock symbol is used and may be displayed in the web browser address bar and/or elsewhere on your screen. Visit the website for your browser to learn about the symbols or mechanisms they use to let you know when online connections are secure.

MONITORING SERVER AND TROUBLESHOOTING

We monitor server reports 24/7. Our monitoring system notifies our operational team of system abnormalities. Our team follows up on reported abnormalities as soon as they come in.

YOU GET THE LATEST INFORMATION ABOUT FAILURE AND MAINTENANCE

We inform users of planned maintenance outages a week in advance with in-app announcements and/or on the Abartys services status website, http://www.abartyshealth.com/status. Our Twitter account also publishes when Abartys Health is done with maintenance. If the problem is persistent, we will report it on our blog.
Example: https://status.nulab-inc.com/

COMMUNICATING WITH ABARTYS HEALTH

We promote safe communication practices when dealing with our clients and customers. Whether you communicate with us through telephone, email or online, here’s what you can expect:

  • We will not ask you to provide personal, financial or confidential information in email communications initiated by Abartys Health.
  • We will always confirm your identity by asking a set of questions with responses that you previously supplied to us. This applies whether you contact us, or we contact you.
  • We will never ask you to change your account information. You have to initiate changes to your account yourself.
  • We will never ask you for your password.
  • We protect your email address by maintaining appropriate technical safeguards. All emails we receive are screened for infected file attachments.
  • We may require additional information or verification before accepting a transaction, to ensure the account holder is making the request.

Abartys Health reserves the right to restrict or cancel access to the site without providing notice. This will be done when Abartys Health has reason to believe that your data may be at risk.

PASSWORD PROTECTION

When you access our secure websites, we need proof of your identity in the form of your Email/Access ID and password. We will only grant access to your account if the proper Email/Access ID and password are entered. Always keep your password confidential. Only you should know what it is. Learn more on how you can protect your password.
To prevent others from guessing your password, we will disable your password for 30 minutes after 3 consecutive unsuccessful sign-on attempts. If your account is disabled for other reasons, call the number indicated in the error message received or contact us.
Abartys Health will not be held responsible for any loss or damage which may be incurred as a result of unauthorized use of your password.

SESSION TIME-OUT

To prevent your account from remaining open when not in use, your online session with our secure websites will be terminated after several minutes of inactivity. If this occurs, you will need to successfully sign in again with your Email/Access ID and password to continue.

HOW TO PROTECT YOURSELF

Abartys Health takes due care in protecting your information. Here’s what you can do to help.

PROTECTING YOUR IDENTITY

Identity theft happens when your personal information is stolen and used illegally to charge expenses to your accounts, create new accounts in your name or for other illegal purposes.
Here’s what you can do to minimize identity theft:

  • Don’t provide your personal information unless you need to.
  • Don’t respond to unsolicited requests for personal or account information.
  • Shred documents and any junk mail containing personal information before you throw them away.
  • Don’t leave your personal mail in an area where it can be looked at by others.
  • Don’t include your Social Insurance Number / Social Security Number or driver’s license number on sensitive documents, unless you understand the purpose and consent to it.
  • Keep documents such as Passports, Birth Certificates, etc., in a secure place, such as in a safety deposit box.
  • Check your online financial accounts to watch for any suspicious transactions.
  • Don’t keep your payment card Personal Identification Number (PIN) in your wallet.
  • Sign the back of your credit and debit cards as soon as you receive them.
  • Report lost or stolen credit and debit cards immediately.
  • Review your credit report at least once a year.

PROTECTING YOUR PASSWORD

Your password is your proof of identity. Using a strong password helps you to protect your identity.
Keep your Abartys Health secure site sign-on information (ID and password) confidential to prevent unauthorized use. We recommend that you:

  • Change your password on a regular basis.
  • Use a strong password that has at least 8 characters with a combination of uppercase and lowercase letters, numbers and special characters.
  • Do not leave your computer unattended while connected to Abartys Health secure sites.
  • Do not share your password with anyone.
  • Do not use the same password twice.
  • Do not write your password down.
  • Do not store your password in a computer file unless it is encrypted.
  • Do not use personal or identifying information as your password, for example, date of birth, name or Social Insurance Number / Social Security Number.

PROTECTING YOUR COMPUTER AND MOBILE DEVICES
SAFE COMPUTING TIPS

  • Install anti-virus software, anti-spyware software, and a personal firewall. Be sure to schedule periodic (e.g., weekly) anti-virus and anti-spyware scans to run automatically.
  • Keep all your software up to date, including your operating system, browser, etc. Regardless of what operating system you use (e.g., Windows, Mac, etc.) you should keep it up-to-date. It’s helpful to configure your operating system to automatically install new updates as they are issued by the manufacturer. To learn more, visit your manufacturer’s support site, e.g., Microsoft support, Mac support.
  • Only download and install software from reputable websites. Avoid installing software received as email attachments from unknown sources.
  • Only download mobile applications from an authorized provider. This is true for Abartys Health applications, which should be installed directly from the Abartys Health website or from an authorized provider, such as Google Play Store, BlackBerry App World or Apple’s App Store. There is no way of knowing what information will be gathered from an unauthorized application or where it will be sent.
  • Secure your home wireless network by changing the default administration ID and password (using a strong password!), changing your wireless network name and, most importantly, enabling WPA2 encryption.
  • Use a spam filter, for example the filter offered by your email provider.
  • Never respond to spam emails as this only confirms that your email address is valid.
  • Do not click on links in emails as you could inadvertently download malware or spyware. Enter the link web address into your browser instead.
  • Create bookmarks for frequently used websites and use them to access the websites.
  • Be aware of your surroundings when using a computer or mobile device in a public place. Others may see what’s on your screen.
  • Be careful about using public Wi-Fi networks where you could potentially expose sensitive information.

DATA ENCRYPTION

For your security, you will not be able to sign in to our secure websites if your browser does not support a minimum of 128-bit encryption. For improved security, performance and support, we recommend that you use the latest browser version with all of the applicable security patches installed.
To ensure you are using the latest browser version available, you can follow the applicable link below:

  • Microsoft Internet Explorer
  • Google Chrome
  • Mozilla Firefox
  • Apple Safari

ANTI-VIRUS SOFTWARE

Anti-virus software can help protect your computer from malicious software (malware such as viruses). Malware is the term used to describe any software that has a malicious intent including: disrupting computer operations and stealing information. There are many ways malware can infect your computer including: clicking on links, clicking on images, downloading files (e.g., music) and opening email attachments.

PERSONAL FIREWALL

When your computer is connected to the internet it is vulnerable to attack. Help protect your computer by using a personal firewall which can serve as a barrier against attacks.

OPERATING SYSTEM

Regardless of what operating system you use (e.g., Windows, Mac, etc.) you should keep it up to date. It’s helpful to configure your operating system to automatically install new updates as they are issued by the manufacturer.

DOWNLOAD MOBILE APPLICATIONS FROM AUTHORIZED PROVIDERS

You should download mobile applications from an authorized provider. This is true for Abartys Health Financial applications, which should be installed directly from an Abartys Health Financial website or from an authorized provider, such as Google Play Store, BlackBerry App World or Apple’s App Store. There is no way of knowing what information will be gathered from an unauthorized application or where it will be sent.

CONTACT US

To report a suspicious email, website or phone call that you believe is using an Abartys Health brand, logo or corporate name inappropriately (or any confusingly similar brand, logo or corporate name), please contact us and provide as many details as you can, including your country of residence.

> AWS HIPAA COMPLIANCE WHITEPAPER
> NIST – IMPLEMENTING THE HIPAA SECURITY RULE
> AWS FAULT TOLERANCE & HIGH AVAILABILITY
> AWS WEB APPLICATION HOSTING REFERENCE
> AWS WEB HOSTING BEST PRACTICES
> ABARTYSHEALTH REVIEW BY BATTELLE