HIPAA Considerations
AGNES Connect is a cloud-based software product hosted on Amazon Web Services and managed by AMD.
AGNES Connect does not permanently store any ePHI data. Patient information is accessed in real-time, and all storage for this data is ephemeral. In other words, patient information is only used to facilitate communications of medical data during a patient encounter. After the patient encounter is completed, there is no record of the data retained within the AGNES Connect system.
Risk Assessment
The AGNES Connect software undergoes periodic risk assessments, taking under consideration general software development principles, as well as how best to aid in customer HIPAA compliance.
General features to aid HIPAA Compliance
To facilitate HIPAA compliance, AMD Global Telemedicine and the AGNES software implement certain features and functionality, such as ephemeral data collection.
Access
AGNES Connectrestricts access to the real-time communication of medical data by utilizing a user database system. This database is supported by Amazon Services. All passwords are stored as irreversible SHA hashes. Even if access to the user database is compromised, the passwords will not be revealed.
User access logging
AGNES Connect logs all events relating to users logging in to the AGNES software portal. Event logs are available to customer HIPAA compliance departments, if needed to implement the organization’s specific HIPAA policies and procedures.
Data in transit encryption
The AGNES Connect portal is configured to be accessed via SSL only. All data transferred between AGNES and authenticated users is secured using this mechanism. AMD managed sites provide 2048-bit SSL certificates from Amazon used for encryption. The connection to the portal is facilitated by a client provided by AMD, and updates are distributed automatically.
Data at rest encryption
Data at rest within the AGNES Connect software is stored in a segregated S3 container for the duration of a patient encounter using AES-256 bit encryption. A new encryption key is generated at run-time for each new encounter and never available outside the AGNES Connect software.
Backups and emergency ePHI access
AGNES does not permanently store any ePHI.