Healthy.io formally addresses multiple safeguards before allowing the use of information systems for information exchange. It uses cryptography to protect the confidentiality and integrity of remote access sessions to the internal network and external systems. It uses strong cryptographic protocols to safeguard covered information during transmission over less trusted or open public networks.
Healthy.io ensures that communication protection requirements, including the security of information exchanges, are the subject of policy development and compliance audits. Healthy.io bases remote (external) access to its information assets and external information assets (over which it has no control) on clearly defined terms and conditions.
The information system prohibits remote activation of collaborative computing devices and provides an explicit indication of use to users physically present at them. It addresses legal considerations, including requirements for electronic signatures. It implements stronger levels of authentication to control access from publicly accessible networks. It also implements substantial controls to protect specific electronic messages throughout their end-to-end transport path, using cryptographic mechanisms unless the messages are protected by alternative measures.
Healthy.io never sends unencrypted sensitive information by end-user messaging technologies or PII/PHI over facsimile (FAX). It maintains security through all aspects of the transaction. It secures protocols used to communicate between all involved parties using cryptographic techniques. It uses encryption to protect covered information on mobile/removable media and across communication lines based on predetermined criteria. It also implements appropriate safeguards for cross-border flows of personal data, as stipulated in the EU GDPR. Healthy.io maintains records of the basis used to authorize cross-border flows of personal data to a third country or international organization.