Contact Us
Back to Home

Acceptable Use Policy

Effective Date: February 6, 2026

1. Purpose and Scope

This Acceptable Use Policy (the "Policy") establishes guidelines for appropriate use of the AidiN Health platform (the "Service") and is designed to protect the security, integrity, and compliance of the Service and the sensitive health information it processes.

This Policy applies to all users of the Service, including healthcare providers, laboratories, authorized business associates, and any other individuals or entities that access or use the Service. All users must comply with this Policy and the Terms of Service. As a HIPAA-covered entity and Business Associate, AidiN Health is committed to maintaining the confidentiality, integrity, and availability of all Protected Health Information (PHI) and personally identifiable information (PII) processed through the Service.

2. Authorized Users

The Service is intended for use by the following categories of authorized users:

  • Healthcare providers (physicians, hospitals, clinics, urgent care facilities)
  • Laboratory and diagnostic facilities
  • Authorized business associates and service providers with proper Business Associate Agreements (BAAs)
  • Healthcare claims processors and revenue cycle management professionals
  • Benefits eligibility and coverage verification specialists
  • Claims management and status tracking personnel

All users must verify their identity and maintain confidentiality of their login credentials. Unauthorized access or use by non-authenticated users is strictly prohibited.

3. Acceptable Use

Users may utilize the Service solely for the following legitimate healthcare and business purposes:

  • Processing and managing healthcare claims for payment
  • Verifying patient benefits eligibility and coverage information
  • Discovering and identifying applicable health insurance coverage and benefits
  • Tracking claim status and monitoring claim processing
  • Managing and processing electronic remittance advice (ERA) and explanation of benefits
  • Performing revenue cycle management activities
  • Preventing and addressing claim denials through denial management
  • Supporting healthcare operations and provider reimbursement processes
  • Complying with healthcare regulations and contractual obligations
  • Conducting authorized administrative and operational functions

4. Prohibited Activities

4.1 Unauthorized Access and Security Breaches

  • Attempting to gain unauthorized access to the Service or any accounts, systems, or data
  • Attempting to breach, circumvent, or penetrate security measures or protective systems
  • Accessing or using the Service without proper authentication or authorization
  • Sharing login credentials or authentication tokens with unauthorized individuals
  • Using another person's account or credentials without explicit authorization
  • Attempting to identify vulnerabilities or security weaknesses in the Service

4.2 Unlawful and Fraudulent Activities

  • Using the Service for any unlawful, illegal, or fraudulent purposes
  • Engaging in healthcare fraud, abuse, or waste
  • Misrepresenting identity, credentials, professional status, or authorization level
  • Falsifying or altering medical records, claims data, or health information
  • Submitting false or fraudulent claims or reimbursement requests
  • Engaging in any conduct that violates anti-kickback statutes or similar healthcare regulations

4.3 Credential Sharing and Unauthorized Access

  • Sharing authentication credentials with other users or third parties
  • Granting access to the Service to unauthorized individuals or entities
  • Allowing multiple users to share a single account or login
  • Failing to maintain adequate safeguards over account credentials and login information

4.4 Malware and Malicious Code

  • Uploading, transmitting, or introducing malware, viruses, worms, or other malicious code
  • Engaging in denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks
  • Attempting to inject malicious code or scripts into the Service
  • Knowingly transmitting files containing malicious content

4.5 Data Scraping and Unauthorized Collection

  • Scraping, crawling, or systematically extracting data from the Service
  • Using automated tools, bots, or scripts to collect data without authorization
  • Attempting to perform bulk downloads of data or information
  • Circumventing rate limits or access controls to collect unauthorized data

4.6 Improper PHI and Data Access

  • Accessing Protected Health Information (PHI) beyond the scope of authorization
  • Viewing, downloading, or exporting PHI without a legitimate healthcare purpose
  • Using PHI for purposes other than those specified in the authorization or business agreement
  • Accessing PHI of individuals unrelated to direct patient care or claim processing
  • Retaining PHI longer than necessary for the specified purpose

4.7 Unauthorized Marketing and Disclosure

  • Using patient information or PHI for marketing purposes without proper authorization
  • Selling, trading, or transferring PHI to third parties without authorization
  • Disclosing confidential health information to unauthorized recipients

4.8 Service Disruption and Interference

  • Interfering with, disrupting, or degrading the performance or functionality of the Service
  • Attempting to modify, reverse engineer, or decompile the Service or its code
  • Circumventing access controls or authentication mechanisms
  • Performing load testing or stress testing without explicit written authorization

4.9 Regulatory Violations

  • Violating HIPAA Privacy Rule, Security Rule, or Breach Notification Rule requirements
  • Failing to comply with HITECH Act obligations
  • Violating state privacy laws, genetic privacy laws, or mental health confidentiality laws
  • Violating CMS regulations or CMS program integrity requirements
  • Failing to maintain required Business Associate Agreements for data access

4.10 Misrepresentation and Unauthorized Use

  • Misrepresenting professional credentials, licensing, or authorization status
  • Using the Service on behalf of an organization without proper authorization
  • Accessing the Service outside the scope of an employment or service relationship

4.11 Competitive Analysis and Unauthorized Research

  • Using the Service to conduct competitive analysis or intelligence gathering
  • Performing benchmarking without explicit written authorization
  • Conducting research or studies using Service data without authorization and proper data use agreements

5. PHI and Data Handling Requirements

Users must comply with all applicable regulations and requirements regarding Protected Health Information:

  • Access PHI only to the minimum extent necessary to accomplish authorized purposes (minimum necessary principle)
  • Maintain detailed audit trails and logs of PHI access and use
  • Implement and maintain access controls to restrict PHI to authorized personnel
  • Use encryption for PHI in transit and at rest
  • Promptly report any unauthorized access, use, or disclosure of PHI
  • Securely dispose of PHI when no longer required for business purposes
  • Maintain confidentiality agreements with all workforce members who access PHI
  • Comply with data retention and destruction policies
  • Ensure that Business Associate Agreements are executed before any PHI access

6. Security Requirements

6.1 Password and Authentication Requirements

  • Use strong, unique passwords meeting organizational security standards (minimum 12 characters, mixed character types)
  • Change passwords regularly and never reuse previous passwords
  • Never share passwords with other individuals or store passwords in unsecured locations
  • Implement multi-factor authentication (MFA) where required by your account settings

6.2 Multi-Factor Authentication (MFA)

  • Enable and maintain MFA on all accounts that process PHI or access sensitive data
  • Use authenticator apps, hardware tokens, or other approved MFA methods
  • Securely store and protect MFA backup codes and recovery options

6.3 Session Management

  • Maintain active sessions only for the duration required to complete authorized tasks
  • Automatically log out of the Service after periods of inactivity
  • Manually log out when accessing the Service from shared computers or public networks
  • Do not leave authenticated sessions unattended

6.4 Device and Network Security

  • Access the Service only from secure, organization-controlled devices
  • Keep operating systems, browsers, and security software current with latest security patches
  • Use only secure, encrypted networks (HTTPS/TLS) when accessing the Service
  • Avoid accessing the Service from public or unsecured wireless networks
  • Maintain endpoint protection and malware detection software

7. Monitoring and Enforcement

AidiN Health actively monitors and logs all access to and use of the Service. Monitoring includes:

  • Comprehensive audit logging of all user authentication and access events
  • Tracking of all PHI access, viewing, and data retrieval activities
  • Monitoring for suspicious activities, unauthorized access attempts, or anomalous usage patterns
  • Analysis of data export and download activities
  • Real-time alerts for suspicious or prohibited activities

All monitoring is conducted in compliance with applicable privacy laws and employee privacy regulations. Users should have no expectation of privacy when using the Service.

8. Reporting Violations

If you suspect a violation of this Acceptable Use Policy, please immediately report it to AidiN Health at legal@aidin.health. Reports should include:

  • A detailed description of the suspected violation
  • The date and time the violation occurred
  • The user account or individual involved (if known)
  • Any supporting documentation or evidence
  • Your contact information for follow-up questions

AidiN Health will investigate all reports in a timely manner and take appropriate corrective action. We maintain a policy of non-retaliation against individuals who report violations in good faith.

9. Consequences of Violations

9.1 Progressive Disciplinary Action

  • Written warning for minor first-time violations
  • Mandatory security training or policy education
  • Temporary suspension of account access or Service privileges
  • Permanent termination of account and Service access
  • Revocation of user privileges and credentials

9.2 Legal and Regulatory Consequences

  • Legal action to enforce compliance with this Policy and applicable agreements
  • Reporting to healthcare regulatory authorities, state boards, or law enforcement as required by law
  • Notification to HIPAA enforcement authorities if a breach or violation involves PHI
  • Compliance with mandatory breach notification requirements

9.3 Business and Financial Consequences

  • Termination of service agreements and contracts
  • Assessment of financial penalties or fees as permitted by service agreements
  • Liability for damages resulting from violations
  • Recovery of investigation and remediation costs

10. Modifications to Policy

AidiN Health reserves the right to modify this Acceptable Use Policy at any time. Changes will be effective upon posting to the Service or upon notification to users. Continued use of the Service following notification of changes constitutes acceptance of the revised Policy.

For questions about this Acceptable Use Policy, please contact us at legal@aidin.health.

Last Updated: February 6, 2026