Welcome to the AutismLinkage HIPAA Compliance Center

AutismLinkage is a digital therapeutic platform created with the goal of building positive pediatric behavioral health outcomes. We believe deeply in transparency and the need for secure practices in this continuously evolving industry.

This page acts as an overview to demonstrate our commitment to compliance and security. Here you can find our certifications and view high level details on controls and protocols that we adhere to.

Infrastructure Security

Control Status
Encryption key access restricted
The company restricts privileged access to encryption keys to authorized users with a business need.
✓ Active
Unique account authentication enforced
The company requires authentication to systems and applications to use a unique username and password.
✓ Active
Production application access restricted
System access is restricted to authorized users only.
✓ Active
Production database access restricted
The company restricts privileged access to databases to authorized users with a business need.
✓ Active
Access revoked upon termination
The company completes termination checklists to ensure that access is revoked for terminated employees within SLAs.
✓ Active
Infrastructure performance monitored
An infrastructure monitoring tool is utilized to monitor systems, infrastructure, and performance and generates alerts when specific predefined thresholds are met.
✓ Active
Network standards maintained
The company's network standards are maintained based on industry best practices, and reviewed at least annually.
✓ Active
Physical Access Controls
Secure physical access controls for ePHI storage areas are in place to prevent unauthorized entry.
✓ Active
Environmental Controls
Protocols are in place to protect electronic systems from environmental hazards and unauthorized intrusion.
✓ Active
Equipment Controls
Protocols are in place to manage the receipt, movement, and disposal of electronic media to ensure data security.
✓ Active

Organizational Security

Control Status
Company inventory maintained
The company maintains a formal inventory of company system assets, which is updated in real time.
✓ Active
Anti-malware technology utilized
The company deploys anti-malware technology to environments commonly susceptible to malicious attacks and configures this to be updated routinely, logged, and installed on all relevant systems.
✓ Active
Confidentiality Agreement acknowledged by contractors
The company requires contractors to sign a confidentiality agreement at the time of engagement.
✓ Active
Confidentiality Agreement acknowledged by employees
The company requires employees to sign a confidentiality agreement during onboarding.
✓ Active
Password policy enforced
The company requires passwords for in-scope system components to be configured according to the company's policy.
✓ Active
Security awareness training implemented
The company requires employees to complete security awareness training upon hire and at least annually thereafter.
✓ Active
Established HIPAA compliance team
A team has been deemed responsible for implementing and maintaining HIPAA compliance efforts.
✓ Active
Employee sanctions in place
The company enforces sanctions against employees who fail to comply with privacy policies.
✓ Active
Signed Business Associate Agreements
The company ensures that all partners and vendors comply with HIPAA regulations through formal agreements.
✓ Active

Product Security

Control Status
Data encryption utilized
The company's datastores housing sensitive customer data are encrypted at rest.
✓ Active
Control self-assessments conducted
The company performs control self-assessments at least annually to gain assurance that controls are in place and operating effectively. Corrective actions are taken based on relevant findings.
✓ Active
Data transmission encrypted
The company uses secure data transmission protocols to encrypt confidential and sensitive data when transmitted over public networks.
✓ Active
Vulnerability and system monitoring procedures established
The company's formal policies outline the requirements for vulnerability management and system monitoring.
✓ Active
Application user authentication
The company has implemented mechanisms to authenticate ePHI access by each user.
✓ Active
Emergency access procedures
The company established procedures for obtaining necessary ePHI during an emergency.
✓ Active
Automatic logoff mechanisms
The company has implemented electronic procedures that terminate an electronic session after a predetermined time of inactivity.
✓ Active

Internal Security Procedures

Control Status
Configuration management system established
The company has a configuration management procedure in place to ensure that system configurations are deployed consistently throughout the environment.
✓ Active
Change management procedures enforced
The company requires changes to software and infrastructure components to be authorized, documented, tested, reviewed, and approved prior to being implemented in production.
✓ Active
Production deployment access restricted
The company restricts access to migrate changes to production to authorized personnel.
✓ Active
Whistleblower policy established
The company has established a formalized whistleblower policy, and an anonymous communication channel is in place for users to report potential issues or fraud concerns.
✓ Active
Organization structure documented
The company maintains an organizational chart that describes the organizational structure and reporting lines.
✓ Active
Roles and responsibilities specified
Roles and responsibilities for information security controls are formally assigned in job descriptions and/or policies.
✓ Active
Support system available
The company has an external-facing support system that allows users to report system information on failures, incidents, and concerns.
✓ Active
Access requests required
The company ensures that user access to systems is based on job role or requires a documented access request and manager approval.
✓ Active
Third-party agreements established
The company has written agreements in place with vendors and third parties, including confidentiality and privacy commitments.
✓ Active
Risk analysis and management established
The company conducts regular assessments to identify risks to the confidentiality, integrity, and availability of ePHI.
✓ Active
Security incident procedures documented
The company developed and implemented procedures to address security incidents.
✓ Active
Contingency planning protocol set up
The company ensures backups and emergency operations plans are in place for ePHI systems.
✓ Active

Data & Privacy

Control Status
User data deleted upon request
The company purges or removes customer data containing confidential information from the application environment when customers leave the service.
✓ Active
Minimum necessary use and disclosure
The company has implemented procedures for using and disclosing only the minimum amount of ePHI necessary.
✓ Active
Established patient access rights
The company has established procedures for patients to review, obtain, and request amendments to their ePHI.
✓ Active