HIPAA Considerations

AGNES-Connect is a cloud baed software product hosted on Amazon Web Services and managed by AMD.

AGNES-Connect does not permanently store any ePHI data. AGNES-Connect is used to access real-time patient information, and all storage for this data is emphemeral. It is only used to facilitate communications of medical data during a patient encounter. After the patient encounter is completed, there is no record of the data communicated retained within the AGNES-Connect system.

Risk Assessment

The AGNES-Connect software undergoes periodic risk assessments, taking under consideration general software development principles as well as how best to aid in customers HIPAA compliance.

AGNES features to aid HIPAA Compliance

In order to facilitate HIPAA compliance, AMD Global Telemedicine and the AGNES software implements certain features and functionality, such as emphemeral data collection.

Access

AGNES-Connect restricts access to the real-time communication of medical data by utilizing a user database system. This database is supported by Amazon Services. All passwords are stored as irreversible SHA hashes. Even if access to the user database is compromised, the passwords will not be revealed.

User access logging

AGNES-Connect logs all events relating to users logging in to the AGNES software portal. AGNES-Connect This data is available to customers HIPAA compliance departments if needed to implement their specific HIPAA policies and procedures.

Data in transit encryption

The AGNES-Connect portal is configured to be accessed only via SSL. All data transferred between AGNES and authenticated users is secured using this mechanism. AMD managed sites provide 2048 bit SSL certificates from Amazon used for encryption. The connection to the portal will be facilitated by a client provided by AMD and updates are distrubuted automatically.

Data at rest encryption

Data at rest within the AGNES-Connect software is only stored for the duration of a patient encounter and is not stored permanently. Even within the time frame of the patient visit all data is stored using AES-256 bit encryption. The key for this encryption is generated at run-time and never available outside of the software itself. This key is regenerated for every new AGNES-Connect encounter. The data is stored in a segregated S3 container..

Backups and emergency ePHI access

AGNES does not permanently store any ePHI.