HIPAA

We implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI we handle.

We conduct regular risk analyses to identify potential risks to PHI and implement security measures to reduce these risks to acceptable levels.

All our employees undergo comprehensive training on HIPAA regulations and understand their roles in protecting PHI.

We enter into BAAs with all vendors and partners who may have access to PHI, ensuring they are also compliant with HIPAA requirements.

We have established procedures for responding to PHI breaches or security incidents, including notification procedures in compliance with HIPAA regulations.

We implement strict access controls to ensure that only authorized personnel can access PHI, based on the principle of minimum necessary use.

We maintain extensive audit logs to monitor access to and activity involving PHI, allowing for comprehensive oversight and review.

We prioritise data sovereignty by ensuring all our data is locally hosted within the United States. This practice enhances data security and speeds, while also ensuring compliance with US data protection regulations.