HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.
We know the HIPAA industry is vast and that it is important to work well and communicate with patients while remaining HIPAA compliant.
SEE ALSO: HIPAA compliant email
Today, we will determine if Auryc is HIPAA compliant or not.
Auryc, founded in 2016, provides customer experience management (CXM) by optimizing customer experiences across the web and mobile environment.
The company has several products to help organizations reach their full customer potential:
- Customer Experience Intelligence Platform
- Customer Feedback
- Session Replay
Organizations can centralize and standardize customer information to improve and enrich a customer’s journey. All in real-time.
Auryc and the business associate agreement
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.
While there is no mention of a BAA on the Auryc website, a web page on Session Replay states that Auryc is HIPAA compliant. But there is no information about how it achieves HIPAA compliance.
Auryc and cybersecurity
In fact, all data is hosted and sits behind an AWS firewall. Other than this, Auryc states that it uses adequate administrative, technical, organization, and physical safeguards without stating what they are.
Interestingly, there is no mention of customers’ customers except in the Terms of Service. There, Auryc states that they may have access to PII for “you or your clients’ current or prospective customers, consumers, or personnel.”
But when it comes to security, Auryc makes it clear: “You acknowledge that You provide Your [PII] at Your own risk.”
Is Auryc HIPAA compliant?
The BAA is a key component of HIPAA compliance and Auryc does state anywhere if it will sign a BAA. Moreover, the company states that it cannot guarantee data safety.
Although on one piece of documentation Auryc claims it is HIPAA compliant, we cannot confirm this. Covered entities should confirm HIPAA compliance with the company directly.