At Upheal, we understand that trust is critical in our industry. We are committed to protecting our customers' data on our platform and have implemented the following measures to ensure its security:
HIPAA compliant. We comply with the strict standards set by the Health Insurance Portability and Accountability Act (HIPAA) to ensure the confidentiality, integrity, and availability of Protected Health Information (PHI).
GDPR compliant. We follow the data regulations established by the GDPR, UK GDPR and UK DPA to provide important security measures for the protection of personal data of individuals within the EU and UK. Combining US and EU standards, we also meet and exceed US state and federal laws for security and privacy of data.
SOC 2 compliant. Furthermore, we have obtained SOC 2 certification, a globally recognized standard for organizational and technical security controls. SOC 2 compliance ensures that our security controls, policies, and procedures are designed to protect customer data against unauthorized access, disclosure, alteration, and destruction. In addition, we use AWS for our cloud infrastructure and storage, a highly secure and reliable vendor.
Availability of personal data. Upheal takes appropriate measures to ensure the availability of personal data. This includes implementing backup and disaster recovery procedures to ensure that personal data is available in the event of an unexpected outage or disaster.
Record-level encryption of customer PII and PHI data. This helps to protect data in case of a security breach and ensures that only authorized personnel can access the data.
Security incident readiness. In the event of a security incident, we have a security incident policy and protocol to follow to ensure fast resolution and mitigation of harm to personal data.
Upheal reviews the platform’s security regularly to ensure that it remains effective and up-to-date.