Is Auryc HIPAA compliant?


HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.

Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI).

We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.


This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare.

Today, we will determine if Auryc is HIPAA compliant or not.

About Auryc

Auryc, founded in 2016, provides customer experience management (CXM) by optimizing customer experiences across the web and mobile environment.

The company has several products to help organizations reach their full customer potential:

  • Customer Experience Intelligence Platform
  • Analytics
  • Customer Feedback
  • Session Replay
  • Insights

Organizations can centralize and standardize customer information to improve and enrich a customer’s journey, all in real time.

Auryc and the business associate agreement

A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of PHI.

In this instance, Auryc is a business associate of a healthcare organization if it works with any data that includes electronic PHI (ePHI), like a name or an email address.

Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA.

While there is no mention of a BAA on the Auryc website, a web page on Session Replay states that Auryc is HIPAA compliant. But there is no information about how it achieves HIPAA compliance.

Auryc and cybersecurity

Generally, the Auryc website is sparse on background information. Its Privacy Policy includes a brief statement on security along with information on use and disclosure.

Auryc encrypts data at rest using AES-256 and data in transit with endpoint security through Amazon Web Services (AWS).


In fact, all data is hosted and sits behind an AWS firewall. Other than this, Auryc states that it uses adequate administrative, technical, organizational, and physical safeguards without stating what they are.

One important phrase of the privacy policy states, “Customers have the choice of what data to record. You can and should exclude any Personally Identifiable Information (PII) of the user.”

Interestingly, there is no mention of customers’ customers except in the Terms of Service. There, Auryc states that they may have access to PII for “you or your clients’ current or prospective customers, consumers, or personnel.”

But when it comes to security, Auryc makes it clear: “You acknowledge that You provide Your [PII] at Your own risk.”

Is Auryc HIPAA compliant?

The BAA is a key component of HIPAA compliance, and Auryc does not state anywhere if it will sign a BAA. Moreover, the company states that it cannot guarantee data safety.

If a data breach or HIPAA violation occurs and any PHI/PII is accessed, the covered entity is liable.

Conclusion

Although Auryc claims in one piece of documentation that it is HIPAA compliant, we cannot confirm this. Covered entities should confirm HIPAA compliance with the company directly.


About the author

Kapua Iao
