
HIPAA COMPLIANCE STATEMENT

Effective 03/03/2023

We welcome you to www.acubliss.app, operated by DynaBliss, Inc. In the HIPAA Compliance Statement below, we inform you about the use or disclosure of protected health information when you, as a Health Care Provider or Client of a Health Care Provider (collectively “customer”), use AcuBliss.

At DynaBliss, we take all necessary measures to comply with the most stringent privacy and security regulations, including the U.S. Health Insurance Portability and Accountability Act (“HIPAA”) of 1996. The AcuBliss platform is designed to enable our customers to comply with such requirements under applicable patient privacy laws. In addition, DynaBliss takes all reasonable steps to keep the use or disclosure of protected health information to an absolute minimum in order to provide the promised services to its customers.

  1. What is HIPAA?

    1. The Health Insurance Portability and Accountability Act (HIPAA) establishes two important rules for your practice in connection with the use of DynaBliss, namely the security provision and the privacy provision.

    2. Both are established under a general HIPAA category called the Administrative Simplification Act, and together the provisions affect the transmission, storage, and management of patient information.

    3. The security provision is intended to protect confidential medical information and establishes guidelines to facilitate the storage, maintenance, and transmission of protected health information in a "secure electronic environment". This includes administrative procedures and physical safeguards, as well as technical measures to control and monitor access to protected health information and prevent unauthorized access to data during transmission.

    4. The privacy rule addresses the use and disclosure of protected health information and requires all practices to comply with it and to make reasonable efforts to limit the use and disclosure of such protected health information by staff to the "minimum necessary" to perform their jobs.

    5. Further, it is expected to limit the likelihood of "inadvertent disclosure" to individuals for whom there is no reasonable need to know as a matter of law, and a log of disclosures of certain protected health information that is not directly related to the patient's care must be maintained.

  2. What is AcuBliss?

    1. If you are a healthcare provider, the Services provide you with practice management tools to schedule appointments, chart patient notes, track important demographic and insurance information, bill patients, manage inventory, communicate with patients, and view relevant reporting data about your practice.

    2. The AcuBliss platform is designed with specific features to help our customers comply with HIPAA regulations and uses a relational database that employs a secured username and password login process. This means that users must have specific access rights, such as to edit or add data, or are denied access to certain data, and that when a user adds or changes data in the database, a record is created indicating the change (the revision log).

  3. Customer Support

    1. DynaBliss's support staff assists customers in using the AcuBliss platform in a HIPAA-compliant environment and all access by DynaBliss support staff to patient data at the customer site is via a fully encrypted protocol.
  4. Business partner

    1. HIPAA requires healthcare providers to enter into specific "business associate" contracts with certain entities to which they disclose patient health information. These business associate contracts generally require the recipients of such information to take appropriate precautions to protect the patient health information they receive. To perform certain service and support tasks, DynaBliss employees may need access to patient health information maintained by DynaBliss customers. As a result, DynaBliss may be considered a business associate ("Business Associate") of the customers who receive these services. DynaBliss is providing a new Business Associate standard contract for its customers that meets HIPAA requirements. DynaBliss' Business Associate Agreement provides general assurances to customers that the company will use the patient data they submit only to provide services and support and will protect that data against misuse.
  5. HIPAA Policy

    1. To implement these requirements for business associates and to protect the confidentiality and integrity of patient data received, our HIPAA Policy sets forth the following:

      1. It provides that DynaBliss will retrieve and use confidential patient data provided by its customers only to the extent necessary to perform customer service and support.

      2. It restricts access to such data to those employees and agents who provide specific service and support.

      3. It prohibits the disclosure of patient data provided by customers to anyone who is not an employee or agent of DynaBliss, unless specifically authorized by DynaBliss and by the customer and/or patient, as appropriate.

      4. It requires all DynaBliss employees and agents to report any use or disclosure of patient data in violation of this Policy.

      5. It provides that DynaBliss will investigate all reports that patient data has been used in a manner not permitted by this Policy and will impose appropriate sanctions on conduct prohibited by the policy.

      6. It specifies that DynaBliss employees who may come into contact with patient data receive training on DynaBliss' privacy and security regime and policies and the importance of protecting the confidentiality and security of patient data.

      7. It provides for transferring patient data provided by customers in a secured manner so that the integrity, confidentiality and availability of the data is protected.

  6. Your HIPAA Rights

    1. When it comes to your health information, you have additional rights. To exercise any of these rights, contact us at the contact information listed above.

    2. In particular:

      1. You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you.

      2. You can ask us to correct health information about you that you think is incorrect or incomplete.

      3. You can ask us to contact you in a specific way (for example, home or office phone) or at a specific location (for example, to send mail to a different address).

      4. You can tell us your choices about what we share.

      5. You can ask us to limit what we use or share.

      6. You can get a list of those with whom we have shared information.

      7. You can get a copy of this Notice.

      8. You can choose someone to act for you.

      9. You can file a complaint if you feel your rights are violated.

  7. Our Recommendations

    1. DynaBliss has put together some suggestions to help ensure that your patients' data are managed by your practice in a responsible and HIPAA-compliant manner when using the AcuBliss platform:

      1. Be sure to obtain explicit (preferably written) permission from your patients to use the AcuBliss platform.

      2. Keep your passwords in a secure location that unauthorized staff and patients cannot access.

      3. Set up user accounts for your computers that require users to log in with a password.

      4. Always lock or log out of your AcuBliss account when not in use.

      5. Use unique identifiers for your patients when using AcuBliss to increase privacy.

      6. Develop standard procedures under which every handling of patient images must be documented.

      7. Keep your laptop, computer and digital camera within your practice in a secure location with limited access.

      8. Keep a copy of your AcuBliss User Agreement (issued at the time you subscribe to AcuBliss).

    2. In addition to complying with HIPAA security recommendations, DynaBliss adheres to the FTC's Security by Design Guidelines:

      1. Data security is carefully assessed for each component of the AcuBliss platform;

      2. Data is encrypted both in transit and at rest;

      3. AcuBliss uses two-factor authentication;

      4. AcuBliss is protected against common vulnerabilities; and

      5. Our team keeps up to date with new vulnerabilities and keeps the software updated accordingly.

  8. Network Protection

    1. All DynaBliss servers and the AcuBliss platform and supporting systems are protected from hackers and network intrusion by firewalls and other leading security measures.
  9. Controlled Employee Access

    1. Certain DynaBliss staff and system administrators may need to access the DynaBliss system to provide operational / administrative support. Access rights are strictly controlled, and access is granted only to those who need it to support the DynaBliss system and its users. All DynaBliss employees and subcontractors are required to sign confidentiality agreements. Access to the system is granted only after validation of the user's identification data, assigned role and system permissions.
  10. User Passwords

    1. Users must enter their username and password to gain access to the DynaBliss system. These credentials are created by users during registration. To reset a password, the information is sent to the user's email address on file. If two-factor authentication is enabled, a unique passcode is sent via SMS after the account password is entered. Administrators do not have access to user passwords, and passwords can only be reset by following a link sent via email upon user request.
  11. Encryption

    1. Encryption provides users with a secure way to exchange information with websites through their web browsers by "scrambling" the information as it is transmitted. This makes it unusable for anyone who does not have a protected decryption key to "decrypt" the information. DynaBliss provides encryption for user interactions through Secure Socket Layer (SSL) technology with a robust 256-bit encryption key. DynaBliss also uses industry-proven encryption standards (TLS) when health information is transmitted into or out of DynaBliss.
  12. Physical Security

    1. The DynaBliss server and supporting systems are physically secured and protected in Amazon Web Services' world-class data centers. Access to the physical systems is carefully controlled through security measures at multiple levels: authentication requirements (e.g., user keys, biometrics), security guard and registration check-in requirements, and state-of-the-art security monitoring and alert systems.
  13. Access tracking and disclosure

    1. In accordance with HIPAA standards, DynaBliss logs relevant details each time health information is viewed, edited, or exported to ensure system integrity.
  14. Does this Compliance Statement change?

    1. We may from time to time update our HIPAA Compliance Statement to reflect a change in the law, in our business practices, or in the cookies we use.
  15. Who should I contact for more information?

    1. If you have any questions or comments about our HIPAA Compliance Statement or wish to exercise your rights, please contact us using the following contact details:

DynaBliss, Inc.
2226 MacArthur Blvd, #27505,
Oakland, California 94602, USA

Web: www.acubliss.app
E-Mail: privacy@dynabliss.com

This HIPAA Compliance Statement was last updated on Friday, March 03, 2023

