Data Security FAQ (Frequently Asked Questions)


Patient Identifiable Information

How do you handle PII (Patient Identifiable Information)?

Users are responsible for complying with governance policies and regulations and for not entering non-compliant data into AimiHub, as this information is neither required nor necessary to run improvement projects or analyze data. For healthcare applications, no patient identifiable data may be added to AimiHub in any area. Users are responsible for ensuring compliance with the relevant information governance policies, and we are not liable for such data or its security.

At no time is patient identifiable data to be used in AimiHub. Team members are responsible for entering information that is relevant to the improvement effort and that gives management reports and transparency on progress or on barriers to progress. Using Aimi Analytics, individuals or teams can analyze data with analytic tools to provide statistical evidence that changes are improvements before those changes are implemented.


Reliability and Availability

How do I access AimiHub?

AimiHub is provided as a SaaS (Software-as-a-Service) application. It is hosted in the cloud and is therefore a web-based application. It can be accessed at any time, from anywhere and from any device, as long as the accessing device has an internet connection.

AimiHub is developed with optimal performance in the Google Chrome browser in mind; however, any modern browser should work equally well. The only browser not supported is Microsoft Internet Explorer.

Are there blackout times?

We strive to ensure our services are available 24/7/365 and aim to achieve 99.9% availability. We have monitoring systems and redundancy systems in place to cover unforeseen circumstances.

AimiHub deploys updates multiple times a week, sometimes multiple times a day, to make sure that you always have access to the newest and best features and fixes. These deployments are done without interrupting your use of the application.

Do you backup data? How about system redundancy?

We back up data on a regular basis. We keep daily backups for 90 days, after which they are deleted for security purposes.

Our servers are backed by Microsoft Azure and Amazon Web Services policies and procedures and are set up to ensure maximum security. All data centers have physical security policies in place, such as guards, biometric access, online backups and proper HVAC systems.

We have redundancy systems in place so that, in case of failure, data traffic is moved to the next available server in the same region.

Application and Security

Is AimiHub secure?

Absolutely! Our infrastructure is built on Amazon Web Services (AWS) and Microsoft Azure and backed by their policies and procedures. The data centers our applications reside on are compliant with major industry standards such as ISO 27001 and HIPAA.

In addition to the infrastructure policies and procedures, AimiHub has in-application security features such as, but not limited to, password protection and encryption of certain fields. Organizations can see only their own data and cannot share information within AimiHub with other organizations.

How do you handle Confidential Patient Information?

Quality improvement in healthcare does not require storing Protected Health Information (USA) or Confidential Patient Information. AimiHub is not designed to store such information, nor does it require it. Quality improvement analysis uses aggregated, general-population data, so there is no need for such information to be entered.

Our Customer Agreement prohibits the entry of protected health information and confidential patient information into AimiHub.

Does AimiHub encrypt data in transit?

Yes! All communications between clients (browsers, devices, API calls, etc.) and our servers are protected with strong in-transit encryption. We allow only TLS 1.2 or higher connections to our servers. Our standard connection is TLS 1.3.

Does AimiHub encrypt data at rest?

Yes! AimiHub uses several technologies to ensure stored data is encrypted at rest. Our databases, log files and backups are encrypted so that they are protected at rest. Some of our database fields are additionally encrypted and hashed for further protection. Uploaded documents are automatically encrypted server-side using 256-bit Advanced Encryption Standard (AES-256), with keys maintained by AWS.

Data Centers

What are the physical protections in place to protect data?

Our data centers are highly secure and use state-of-the-art electronic surveillance and multi-factor access control systems. Data center uptime is guaranteed between 99.5% and 100%, and the facilities ensure a minimum of N+1 redundancy for all power, network and HVAC services. 24/7/365 physical and online security teams further ensure data safety. Additional security measures include multi-factor authentication mechanisms, multi-tier security zones and high perimeter walls.

Certifications

The infrastructure that AimiHub runs on is compliant with the following standards, laws and regulations:

  • Data Protection Act 1998
  • General Data Protection Regulation (GDPR)
  • ISO27001 - Information Security Management Standard
  • ISO27017 - Cloud Specific Controls
  • ISO27018 - Personal Data Protection
  • SOC - Service Organization Control (SOC) reports: independent third-party examination reports that demonstrate how key compliance controls and objectives are achieved.