GDPR Compliance

Secure AI Labs is actively pursuing HITRUST certification with GDPR compliance.

Secure AI Labs’s responsibilities as a Controller under GDPR

Secure AI Labs’s responsibilities as a Controller under GDPR can be found here.

Security Organization

Secure AI Labs’s security organization is managed by the Security Lead and Data Protection Officer. Secure AI Labs follows GDPR, HIPAA and HITRUST information security control frameworks for the Unified Patient Registry and company environments. Secure AI Labs performs annual assessments of the security controls in accordance with the control frameworks.

Secure AI Labs Onboarding and Training

All Secure AI Labs personnel are subject to background checks before they are given access to company information systems containing personal data (PHI and PII). During the onboarding process, all personnel receive security training, which is refreshed annually for all employees.

Non-Compliance and Sanctions

Secure AI Labs has adopted information security policies and procedures that follow the GDPR, HIPAA and HITRUST frameworks. Any personnel who fail to comply with Secure AI Labs’s information security policies are subject to sanctions.

Access

Secure AI Labs, including its IT administrators and software developers, does not have access to any personal data (PHI or PII) from any customers at any time, nor does Secure AI Labs store any personal data. As soon as a user terminates a session within the Unified Patient Registry, any and all data used for computations is deleted.

Incident Response, Business Continuity and Disaster Recovery

Secure AI Labs has documented and implemented incident response, business continuity and disaster recovery plans to ensure the Unified Patient Registry platform resumes operation in a timely manner in the event of a disruption. Secure AI Labs tests and monitors the effectiveness of its business continuity and disaster recovery plans at least annually.

Network Security

All data is protected by encryption in transit over all networks. Data at rest is protected by strong encryption and additional security controls, including segmented networks, tiered architecture, firewalls, anti-malware protections, and the limiting of port access.

Portable Devices

Secure AI Labs will not store unencrypted personal data on any portable computer devices at any time.