Healthy.io expects new employees to undergo an onboarding process that includes security and privacy guidelines, expectations, and code of conduct. They must also sign Healthy.io’s Acceptable Use Policy.
All Healthy.io employees undergo monthly security awareness training. Employees exposed to sensitive patient information are trained annually on HIPAA. Healthy.io executes bi-monthly phishing campaigns to measure the effectiveness of training.
All employees receive security awareness training, and Healthy.io keeps attendance records. The Healthy.io CISO and Privacy Team also present ad-hoc training sessions to review topics such as HIPAA and information security.
Healthy.io employees working with systems and data are formally aware of and educated about the security policies and procedures they must comply with from their first day at the Company.
Every employee, including Healthy.io engineers, undergo dedicated cyber-security training that contains many important topics such as HIPAA Security, Business Continuity, Securing PII/PHI, Secure System Development Lifecycle (SDLC), Privacy by Design, and more.
Healthy.io training includes HIPAA, HITECH, Omnibus, Texas HB 300, and Confidentiality of Medical Information Act (CMIA). All users receive appropriate awareness training and regular updates about Healthy.io policies and procedures relevant to their job function.