Aethera

HIPAA Compliance Statement

Protecting Patient Privacy and Securing Healthcare Operations

1. Our Commitment to Healthcare Privacy

Aethera is built on a foundation of trust and prioritizes the security and confidentiality of patient and provider data. Aethera operates as a directory service and is not itself a Covered Entity under the Health Insurance Portability and Accountability Act (HIPAA). We nevertheless voluntarily align our controls with the HIPAA Security Rule to protect the integrity of our platform and to secure any Protected Health Information (PHI) that may pass through it.

2. Technical Safeguards (Security Rule)

Aethera implements the following technical controls to protect data in transit and at rest:

  • Encryption in Transit: All communications between users (patients or providers) and Aethera servers are protected by TLS 1.3.
  • Encryption at Rest: Sensitive data stored in our databases is encrypted with AES-256, so that compromise or loss of the underlying storage media does not expose plaintext. Note that encryption at rest protects stored media; it does not by itself protect data from an application or account that holds valid access to the decryption keys, which is why it is paired with the access controls below.
  • Access Controls: Each user is assigned a unique identifier, permissions are enforced through role-based access control, and passwords are stored only as bcrypt hashes, never in plaintext.
  • Audit Logging: Our servers log access to, and modifications of, systems and records so that the flow of information can be traced and anomalies detected and investigated.

3. Business Associate Agreements (BAAs)

Aethera is hosted on cloud infrastructure provided by vendors who themselves offer HIPAA-eligible environments. Where our service model requires it, we execute Business Associate Agreements (BAAs) with the third-party vendors that process relevant data, so that the obligations of HIPAA follow the data through the entire chain of processors.

4. Administrative and Physical Safeguards

Access to Aethera's backend systems is restricted to authorized personnel, requires multi-factor authentication, and is monitored. Server environments are hosted in data centers that are ISO 27001-certified and have undergone SOC 2 Type II audits, with biometric access controls, 24/7 armed guards, and environmental controls.

5. Secure Lead Generation (Growth & Pro Tiers)

When patients utilize Aethera's platform to contact verified "Growth" or "Pro" tier providers:

  • Aethera acts as a secure intermediary and does not retain the contents of clinical messages (PHI) beyond the time needed to deliver them.
  • Providers are solely responsible for ensuring that the email systems, EHR platforms, and internal processes that receive these messages meet HIPAA requirements.
  • We strongly advise patients not to include detailed medical diagnoses, Social Security numbers, or financial information in initial contact forms.

Provider Responsibility

Individual practitioners and clinics that use Aethera's directory are explicitly responsible for maintaining their own HIPAA compliance with respect to the receipt, storage, and processing of patient data obtained through this platform.

6. Reporting and Contact

If you believe there has been a breach of unsecured protected health information, or if you have questions about our security controls, please contact our Compliance Officer immediately at security@cuti-therapy.com (Placeholder).