OnScript Privacy Policy

Effective Date:

Welcome to OnScript. This Privacy Policy outlines our comprehensive framework for the collection, usage, and safeguarding of your protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and other pertinent regulations. Please read this policy carefully to gain a thorough understanding of how your PHI is managed when utilizing our cutting-edge AI-powered software platform and its associated services.


Summary

OnScript is committed to maintaining HIPAA compliance. We have implemented a series of measures to ensure the confidentiality, integrity, and security of all Protected Health Information (PHI). We undergo periodic internal reviews to update and enhance these measures.

Designated Security Officer

OnScript has appointed a qualified Security Officer responsible for overseeing and enforcing our HIPAA compliance program. The officer conducts quarterly reviews of our security protocols.

Data Center Security

Our software is hosted in a HIPAA-compliant data center with multiple layers of security controls, including biometric access. For more details, visit Flexential's Compliance Certifications.

Data Access Control

Access to data is strictly limited to a designated group of engineers who have undergone HIPAA training. Role-based access controls are in place, and an access review is conducted bi-annually.

Encrypted Backups

All backups containing PHI are encrypted and stored in a secure, off-site location (Amazon S3). Access to backups is limited to authorized personnel only. The credentials used to write backups to S3 are write-only: they can add backup objects but cannot read them back, and no broader permissions are granted.
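As an illustration of the write-only control described above, the following is an IAM policy added to this page as an example. It is not OnScript's actual configuration; the bucket name example-phi-backups is a placeholder. It also goes one step beyond the text by requiring that every uploaded object be encrypted with a KMS key, which is a common companion to a write-only backup role.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "WriteBackupsOnly",
      "Effect": "Allow",
      "Action": ["s3:PutObject"],
      "Resource": "arn:aws:s3:::example-phi-backups/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-server-side-encryption": "aws:kms"
        }
      }
    },
    {
      "Sid": "DenyReadListAndDelete",
      "Effect": "Deny",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:ListBucket",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion"
      ],
      "Resource": [
        "arn:aws:s3:::example-phi-backups",
        "arn:aws:s3:::example-phi-backups/*"
      ]
    }
  ]
}
```

The explicit Deny means that even if another attached policy grants wider S3 access, the backup credential still cannot read, list, or delete PHI. Two caveats a practitioner would check: s3:PutObject on an existing key overwrites it, so bucket versioning (and, where retention rules require it, S3 Object Lock) should be enabled so a compromised writer cannot destroy prior backups; and restore access should live in a separate, more tightly held role rather than being added to this one.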

Identification and Management of PHI

We have identified all potential sources of PHI within our software stack. Stringent measures are in place to prevent unauthorized access and leaks of PHI, supported by continuous monitoring.

Advanced AI for Redaction

We have developed a second-generation redaction tool built on a transformer-based AI architecture, which improves our redaction of PHI while complying with HIPAA standards.

SOC Compliance

We have implemented controls aligned with the SOC 2 Trust Services Criteria. A third-party external audit is pending and expected to be completed by Q1 of next year.

Audio Data Management

While we do not currently scrub PII from audio data, strict access controls are in place to protect this sensitive information.

AI Model/OpenAI/Microsoft

For additional information on Microsoft/Azure data security and privacy, visit Microsoft Data Privacy.

Additional Measures

  • Staff Training: All staff undergo annual HIPAA training.
  • Internal Audits: Quarterly internal audits are conducted to ensure ongoing compliance.
  • Incident Response: We have a well-defined incident response plan for any potential breaches of PHI.
  • Business Associate Agreements: BAAs are in place with all third-party vendors handling PHI.