View Certifications and Cost Disclosures

Welcome to our Cost Disclosures and Compliance Information page. Here, you will find clear, detailed information on our capabilities, service offerings, and associated costs. We are committed to transparency and regulatory compliance, ensuring that all fees, charges, and costs are disclosed in alignment with government regulations.

Capability	Description of Capability	Costs or Fees
Electronic Medical Record [Associated certification criteria: 170.315(b)(10),(d)(12), (d)(13), (g)(4), and (g)(5)]	AENTE provides unified access to all patient health records through a single, intuitive portal that is accessible anytime, anywhere. The platform offers one-click sharing, enabling doctors to instantly share medical information with patients or other health professionals, with the option to set expiration dates for added security. Select information on the platform is encrypted, ensuring the confidentiality of personal data for patients, their dependents, and pets. Electronic Medical Records (EMRs) can be downloaded or shared in various formats, such as PDF, XML, or JSON, and can also be automatically shared within the AENTE portal from patients to providers that share the same account where the appointment or service was provided. This seamless system guarantees the privacy and security of medical records while making healthcare management efficient and convenient.	Our pricing includes a straightforward, one-time fee that covers implementation, data transfers, and processing from digital formats like XML, CSV, SQL, JSEN, and TXT. For data cleaning from non-digital formats such as PDF, PNG, and JPEG, there is a single additional fee. We also offer a one-time licensing fee, and to ensure your system stays up to date, a monthly maintenance fee is included for software updates. All costs are conveniently structured per NPI or NPI-2 provider.
Appointment Scheduling and Teleheath Consultations [Associated certification criteria: 170.315(d)(12), (d)(13), (g)(4), and (g)(5)]	Track all appointment details and patient history with a single click. Access patient interactions, EMR, notes, clinician orders and referrals seamlessly. Schedule online appointments with our Telehealth consultation feature.	Pricing for Appointments is included in the Monthly Subscription/Maintenance Fee. At no extra cost, Twilio Inc. is utilized for servers for video processing of teleconference via API.
Billing and Financial Management Integrated Billing System [Associated certification criteria: 170.315(d)(12), (d)(13), (g)(4), and (g)(5)]	Simplify your claim processes with AENTE’s integrated medical billing system. All services have procedures and workflow to track resources or services. Connect providers directly with billing and clearing house while fulfilling new patient transparency requirements. Expedite approvals and payment: Ensure clarity and transparency in your billing processes, reducing disputes and enhancing patient trust.	Pricing for Billing and Financial Management is included in the Monthly Subscription/Maintenance Fee.
Communications [Associated certification criteria: 170.315(d)(12), (d)(13), (g)(4), and (g)(5)]	Communications include text and email for appointment reminders and confirmations. **SMS and Email is utilized for Multi-Factor Authentication to confirm new profiles, password resets, and for user log-in.	Twilio Inc. is utilized for SMS verification as part of our multi-factor authentication process. 500 text messages included at no extra charge per month. After that there is an extra cost per 100 messages. **Profile confirmation, password resets, and user log-ins cost is included in the monthly Subscription.

Disclaimer and Product Information

ONC Disclaimer:

This Health IT Module is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.

Vendor/Developer Name:	Aente Inc
Product Name and Version	Aente - 3
Certification Date	TBD
Certification Number	TBD
Certification Criteria	170.315(b)(10)c Electronic Health Information Export 170.315(d)(12)c Encrypt Authentication Credentials- SD 170.315(d)(13) Multi-Factor Authentication- SD 170.315(g)(4) Quality Management System 170.315(g)(5) Accessibility-centered Design

ONC Accessibility-Centered Design Certification Documentation

1. Overview

Health IT Product Name: AENTE INC. Certification Criterion: Accessibility-Centered Design
Agile Framework: Kanban
Purpose: This document outlines how accessibility-centered design standards or laws were incorporated into the Agile Kanban workflow during the development, testing, implementation, and maintenance.

2. Accessibility Standards or Laws Used

Standard or Law: [ISO 9001 with Agile, Kanban/Jira, Github]
Applicability:
Customer Focus: Ensure your health IT product addresses accessibility needs effectively.
Leadership: Involve stakeholders in prioritizing and reviewing accessibility standards.
Engagement of People: Empower your Agile team to own accessibility tasks and quality improvements.
Process Approach: Use Kanban to visually track and manage processes related to accessibility compliance.
Improvement: Continuously update your backlog with accessibility enhancements.
Evidence-Based Decision Making: Use testing data and customer feedback to make informed decisions.
Relationship Management: Engage with stakeholders (e.g., end-users, certifiers, and regulators) to meet and exceed accessibility requirements.

3. Agile Kanban Workflow for Accessibility

To ensure compliance with accessibility standards, our development team has implemented a structured Agile Kanban workflow. This process is designed to incorporate accessibility-centered design principles into every phase of development, from planning to maintenance. By leveraging the Kanban framework, we effectively track, prioritize, and resolve accessibility-related tasks while maintaining alignment with WCAG 2.1 AA guidelines and other relevant standards.

Kanban Columns:

Backlog: Accessibility requirements and tasks are added as user stories or backlog items.
In Progress: Tasks related to accessibility (e.g., compliance testing, ARIA implementation) are tracked during active development.
Testing: Accessibility compliance for manual and automated testing.
Review: Accessibility completed by second tier testing.
Blocked: Issues may be blocked for review that may include cancellatio.
Denied: Accessibility compliance is reviewed before moving to the Done column.
To Do: New issues that are not assigned and still in refinement.
Done: Accessibility-related tasks are verified as complete.

Multi-Factor Authentication (170.315(d)(13))

Internal Review and Conformance

Date of Internal Review: December 9, 2024
Attestation: Yes, the product supports the authentication, through multiple elements, of the user’s identity with the use of industry-recognized standards.

Description of Multi-Factor Authentication (MFA) Implementation

AENTE implements Two-Step Verification via SMS or Email, combined with password-based authentication and device trust functionality, to enhance security and verify user identity. This approach uses multiple layers of security to protect user accounts and sensitive data.

Authentication Workflow

Account Setup
- Customers create an account with a password that is securely hashed using the SHA-256 algorithm.
- Passwords are never stored in plain text and are salted to enhance security.
Login with Two-Step Verification
- Customers log in using their username and password.
- If the login is from a new or untrusted device, customers are prompted to verify their identity using a two-step verification code sent via SMS or email.
  - Process:
    1. The system generates a unique verification code.
    2. The code is sent to the customer’s registered email address or phone number via SMS.
    3. Customers must enter the code to complete the login process.
- Customers can choose to mark the device as “trusted” to skip the second step in future logins. Trusted devices are tied to the user’s account and can be reviewed or revoked in the settings.
New Login Detection
- If a login is detected from a new device, an email notification is automatically sent to the customer.
  - Notification Details: The email includes the location, IP address, and timestamp of the login attempt, enabling customers to detect unauthorized access promptly.
Account inactivate
- After 15 minutes of account inactivate the user is automatically logged out from the system.

Security Features

Password Management:
- Passwords are securely hashed using SHA-256 with a salt to prevent brute-force attacks.
Verification Code Expiry:
- Verification codes are valid for a limited time (e.g., 5 minutes) to minimize the risk of interception or misuse.
Device Trust Management:
- Customers can view and manage their trusted devices through the user interface, with the option to revoke access to any device.
Login Activity Monitoring:
- Login attempts are logged and monitored for suspicious activity, triggering notifications to customers.
Encryption Standards:
- All SMS and email communications are transmitted securely using TLS encryption.
Audit Trail: All MFA-related events (e.g., verification code sent, device marked as trusted, new login detected) are logged for auditing purposes.

Supported Use Cases

Primary Authentication with Two-Step Verification:
- Customers authenticate using their password and a verification code sent via SMS or email.
- Example Scenario: Logging in from a public computer.
New Login Detection and Notification:
- Customers are notified via email when a new login is detected, providing them with actionable details.
- Example Scenario: Suspicious login attempt from an unfamiliar IP address.

Public Hyperlink to Use Cases

A detailed description of these use cases is available at the following link:
Multi-Factor Authentication Use Cases