Personal data processed by the Upheal platform is stored in a pseudonymized format. This means that personal data is not stored in its original form but is instead replaced with a pseudonym or a random identifier. This process ensures that personal data is not directly identifiable, reducing the risk of unauthorized access to sensitive information.

​

For confidentiality of client information, Upheal implements a strong security culture and access management protocols to effectively prevent unauthorized access to data. Access to personal data is strictly controlled and limited to individuals who require access to perform their job functions. All access to personal data is logged and monitored, and access rights are reviewed regularly to ensure that they are appropriate and up-to-date.

Read about more ways we protect data.

Upheal only accesses a client’s protected health information (PHI) when it’s necessary in investigating a technical issue that you report to Upheal Support. Most technical problems are solved without any access to PHI, but sometimes, we need to see some details to understand exactly what went wrong. The Upheal employees who may access PHI are HIPAA-trained engineers. They do not share, sell, or expose your data to others.

Reporting a technical issue includes:

When you report a technical problem that requires access to PHI, an engineer who works for Upheal — a human, not AI or a computer system — personally inspects only the data necessary to investigate and solve the issue. The data accessed is not used for anything besides solving the problem. As soon as the issue is resolved, Upheal immediately stops accessing the PHI.