Documentation in Adult Family Homes involves handling Protected Health Information (PHI). AFH Chart is architected from the ground up to support and maintain compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security and Privacy Rules. Below are the specific technical and administrative controls embedded in our software.
1. Technical Safeguards
- Role-Based Access Control (RBAC): The portal separates users into four roles (Owner, Admin, Caregiver, Viewer). Access to critical administrative configurations, staff records, and database logs is strictly limited to Owners and Admins. Viewers are restricted to read-only views.
- Automatic Session Locks: The portal enforces automatic inactivity timeouts. If a caregiver leaves a terminal inactive, the software locks the session to prevent unauthorized viewing.
- Encrypted Data Transfer: All communications between user browsers and cloud backup targets are encrypted in transit using industry-standard Transport Layer Security (TLS) version 1.2 or higher.
2. Audit Controls & Documentation Security
HIPAA requires that all modifications to medical charts and electronic health records be securely logged. AFH Chart meets this requirement through a persistent **Audit Log Manager**:
- Every action (including logging medication passes, completing shift checklists, editing resident vitals/diets, and modifying caregiver access) is recorded in a tamper-resistant historical table.
- Logs capture: **Actor name**, **Action type**, **Detailed payload**, and **Exact UTC timestamp**.
- Audit logs are visible exclusively to Owners and Admins, preventing alterations or deletions by unauthorized personnel.
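
The following is an added illustration, not AFH Chart's code: the page does not say how the historical table is made tamper-resistant, so this sketch assumes one common approach, a SHA-256 hash chain over the four logged fields, with reads limited to the Owner and Admin roles. All function names and sample records are hypothetical and constructed for the example.

```python
import copy, hashlib, json
from datetime import datetime, timezone

GENESIS = "0" * 64  # assumed anchor value for the first record
AUDIT_READERS = {"Owner", "Admin"}  # roles the page allows to view audit logs

def entry_digest(prev_hash, entry):
    # Canonical JSON so the same fields always hash to the same value.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append_entry(log, actor, action, payload, now=None):
    """Append a record whose hash also covers the previous record's hash."""
    ts = (now or datetime.now(timezone.utc)).isoformat()
    entry = {"actor": actor, "action": action, "payload": payload, "ts_utc": ts}
    prev = log[-1]["hash"] if log else GENESIS
    log.append({**entry, "prev": prev, "hash": entry_digest(prev, entry)})
    return log[-1]

def verify_chain(log):
    """Return the index of the first record that breaks the chain, or None."""
    prev = GENESIS
    for i, rec in enumerate(log):
        entry = {k: rec[k] for k in ("actor", "action", "payload", "ts_utc")}
        if rec["prev"] != prev or rec["hash"] != entry_digest(prev, entry):
            return i
        prev = rec["hash"]
    return None

def read_log(log, role):
    """Hand out copies only, and only to roles allowed to see audit data."""
    if role not in AUDIT_READERS:
        raise PermissionError(f"role {role!r} may not view audit logs")
    return copy.deepcopy(log)

def build_sample_log():
    """Constructed sample data; no real residents or staff."""
    log, day = [], datetime(2024, 1, 1, tzinfo=timezone.utc)
    append_entry(log, "caregiver_a", "medication_pass", {"resident": "R-001", "dose_mg": 5}, day.replace(hour=8))
    append_entry(log, "caregiver_a", "vitals_edit", {"resident": "R-001", "pulse": 72}, day.replace(hour=9))
    append_entry(log, "admin_b", "access_change", {"user": "caregiver_a", "role": "Viewer"}, day.replace(hour=10))
    return log

if __name__ == "__main__":
    log = build_sample_log()
    log[1]["payload"]["pulse"] = 60  # simulated out-of-band edit
    print("first bad record:", verify_chain(log))
```

A chain like this detects edits and mid-log deletions, but removal of the newest records is only detectable if the latest hash is also kept somewhere the database writer cannot change.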
3. Administrative Safeguards
While AFH Chart provides the necessary software infrastructure to protect PHI, licensed facility operators must enforce local administrative rules:
- Ensure all CNAs and staff are trained on privacy procedures.
- Immediately deactivate a caregiver's account inside the portal if they leave the company.
- Avoid utilizing shared, single-profile accounts for multiple staff members.
4. Business Associate Agreement (BAA)
For Professional and Enterprise subscribers utilizing our cloud-sync environments, AFH Chart signs a Business Associate Agreement (BAA) to formalize our shared HIPAA compliance responsibilities. Contact our compliance department at compliance@afhchart.com to request a copy.