Personal data processed by the Upheal platform is stored in a pseudonymised format. This means that personal data is not stored in its original form but is instead replaced with a pseudonym or a random identifier. This process ensures that personal data is not directly identifiable, reducing the risk of unauthorized access to sensitive information.
For confidentiality of client information, Upheal implements a strong security culture and access management protocols to effectively prevent unauthorized access to data. Access to personal data is strictly controlled and limited to individuals who require access to perform their job functions. All access to personal data is logged and monitored, and access rights are reviewed regularly to ensure that they are appropriate and up-to-date.
Upheal shall only access PHI of a client only if the therapist provides explicit consent for such access. Upheal shall obtain this consent in writing, and shall not access the PHI until such consent is obtained. The therapist shall have the right to revoke their consent at any time, and upon revocation, Upheal shall immediately cease accessing the PHI.