Healthy.io has created a comprehensive privacy governance program to ensure compliance with applicable laws and regulations relating to the processing of Personal Data (also sometimes known as Personal Information). Healthy.io’s privacy governance program is tailored to meet our operational structure, scale, volume, and sensitivity. Healthy.io monitors the applicability of its Privacy governance program and periodically updates it.
When required, Healthy.io obtains consent before it collects any Personal Data. Healthy.io has established a formal records document retention program. It implements specific controls for record storage, access, retention, and destruction.
Healthy.io issues guidelines on the ownership, classification, retention, storage, handling, and disposal of all records and information. Designated senior management within Healthy.io periodically reviews and approves the security categorizations and associated guidelines.
The public has access to information about Healthy.io's security and privacy activities (via our privacy notice) and is able to communicate with its senior security official and senior privacy official.
Healthy.io configures workstations that can access electronically protected health information with specifications that address:
What proper functions to perform;
How to perform those functions;
Physical attributes of the surroundings.
Healthy.io has formally appointed a data protection officer (DPO) responsible for the privacy of Personal Data. It protects records with sensitive Personal Data during transfer to organizations lawfully collecting such information. It keeps Personal Data storage to a minimum and specifies where to store it. It protects the confidentiality and integrity of Personal Data at rest using an encryption method appropriate to the medium where it is stored.