Data Encryption Policy
1. Introduction
HealthOS is committed to ensuring the confidentiality, integrity, and availability of Protected Health Information (PHI) through comprehensive data encryption measures. We align with industry standards to provide world-class security and privacy controls for our customers globally, including in India.
2. Scope
This policy applies to all systems, personnel, processes, and data under the control of HealthOS that interact with or store PHI or other sensitive healthcare data.
3. Safeguards Implemented
- Administrative Safeguards: Role-based access, regular data encryption training, incident response plans, and vendor agreements.
- Physical Safeguards: Secure data center access, device management, encrypted backups.
- Technical Safeguards: End-to-end encryption, audit logging, multi-factor authentication, data loss prevention tools.
4. Data Access & Usage
Access to PHI is limited to authorized personnel only and is based on job responsibilities. All data is encrypted at rest and in transit using industry-standard ciphers and protocols such as AES-256 and TLS 1.2+.
5. Data Hosting
Our infrastructure is hosted on data encryption-compliant cloud providers with secure storage, access controls, disaster recovery, and regular audits. We sign Business Associate Agreements (BAAs) with cloud vendors where applicable.
6. Patient Rights
We support healthcare providers in enabling patient rights through data encryption measures, including access, amendment, and accounting of disclosures. HealthOS acts as a data processor and does not directly interact with patients.
7. Children’s Data (Minors)
HealthOS is used by pediatricians and child specialists who manage data of patients under the age of 18. All such data is handled with additional security and is accessible only by licensed professionals with proper consent. We do not directly collect data from minors.
8. Breach Notification
In the event of a data breach involving PHI, HealthOS will notify all affected customers and regulatory authorities (as per applicable jurisdiction) within the required timeframe, and will fully cooperate during investigations.
9. Employee Training
All HealthOS employees undergo mandatory data encryption training during onboarding and annually thereafter. Access to PHI is granted only to staff who have completed training and signed confidentiality agreements.
10. Compliance Review & Audits
We conduct regular internal reviews, risk assessments, and third-party audits to ensure ongoing compliance with data encryption and data privacy standards. Logs and documentation are maintained securely.
11. Contact & Inquiries
For any questions regarding this policy, or to report a compliance concern, please email us at compliance@healthos.in.
