HIPAA

What are Alohi’s Data Protection Procedures & Policies?

At Alohi, we are deeply committed to protecting your data through meticulous monitoring, advanced encryption, secure handling practices, and a commitment to continual improvement, ensuring the utmost standards of data protection and regulatory compliance. Here is our approach:

Access Control
In the Alohi Suite, we vigilantly monitor every file transfer, automatically archiving each one. This allows us to maintain oversight over who accesses our systems, especially those that manage sensitive health information (ePHI).

Data Encryption & Secure Transmission
We employ robust encryption to protect your documents, both at rest and in transit. This means we lock down your files with a strong digital key, and when they're on the move, they're protected from unauthorized access.
‍
Audit Trails
Sign.Plus and Fax.Plus maintain comprehensive records of all documents sent or received, enabling thorough retrospective analysis. Our systems and policies are designed for strict monitoring of activities, especially concerning ePHI, to ensure robust oversight.
‍
User Authentication
Accessing Alohi Suite requires a unique identifier like an email or a securely encrypted username and password. Each login is authenticated with a unique digital ID cookie, securing your session from beginning to end.

No-Storage Option
Alohi Suite offers you the choice to bypass storing your data on our servers. If selected, incoming documents are directly emailed to you without being saved on our end, and outgoing documents are deleted immediately after transmission.
‍
Data Deletion
Should you choose to end your service with an Alohi product, you can request the removal of all your data from our servers. We ensure no paper trails are left; any necessary printed materials are destroyed immediately after use.

Fortified Data Centers
Our data centers are secure strongholds, adhering to the highest security standards and certifications. Designed to safeguard your information rigorously, they comply with a multitude of security frameworks and certifications.
‍
Continuous Security Enhancement
We proactively identify risks and fortify our security measures, including regular updates to our policies, ongoing staff training, security assessments of our applications and networks, risk evaluations, and strict adherence to regulatory compliance.
‍
Additional robust measures incorporated by Alohi:

• 256 bit AES encryption on stored signed and faxed documents.
• Enforced HTTPS with secure SSL/TLS certificate.
• Data backups stored in secured, world-class data centers.
• Account owner authentication.
• Restricted outside access to all servers and production workstations.
• Sophisticated monitoring and escalation system.
• Automated data backups.
• Automated virus checking.
• Report any non-compliance of which we become aware.
• Notice of data breach.
• Access to production systems is restricted with unique SSH key pairs.
• All employees complete thorough background checks and are required to sign a confidentiality agreement as part of their employment contract.
• All employees receive training on our policies and procedures according to HIPAA mandates.
• Named a HIPAA Security Official who creates, maintains, and trains regarding our HIPAA policies and procedures.