Security

Updated June 6th, 2022
Your security and privacy are of utmost importance to Secure AI Labs.

The Unified Patient Registries provide privacy-enhanced computing:

  • Federated Analytics computations performed in a Secure Trusted Execution Environment
  • Highly regulated computational environment which runs only trusted computational payloads using privacy-enforcing technology
  • Access control policies coupled with end-to-end encryption ensuring that data is accessible only to authorized parties
  • High-assurance auditing

Secure AI Labs is actively pursuing HITRUST certification and plans to be HITRUST certified, and HIPAA and GDPR compliant, by Q1 2023.

Customer Integration

The Secure AI Labs platform is a fully hosted high-assurance Trusted Execution Environment that requires no customer-side installation.

All Secure AI Labs payloads are hosted within the Microsoft Azure cloud using Azure Confidential Computing, which is HIPAA compliant. Customers can select hosting regions to enforce jurisdictional requirements.

In Progress

HITRUST

We are actively pursuing HITRUST certification and plan to be HITRUST certified by Q1 2023.

HIPAA

Achieved Compliance August, 2022

Our team has partnered with Layer 8 Security, a HITRUST-approved HITRUST External Assessor, to complete the HIPAA Security Rule Assessment.

In Progress

GDPR

Secure AI Labs is actively pursuing HITRUST certification with GDPR compliance. Additional GDPR documentation and technical information for EU customers can be found here.

Risk Management

Our risk management policy covers the administrative, physical, and technical processes that enable and govern any PHI and PII that is created, maintained, received, or transmitted by Secure AI Labs.

Incident Response, Disaster Recovery and Business Continuity Plans

IR, DR, and BC plans are implemented at Secure AI Labs. These plans are tested and reviewed at least annually in compliance with industry best practices.

Information Security Management Program

We have documented and implemented an ISMP following the HIPAA, GDPR and HITECH control frameworks.

Data Encryption

A data encryption architecture is employed in the Unified Patient Registry.

Privacy and Security Training

All employees are required to undergo security and privacy training through a designated third party. Training initially takes place as part of the onboarding process, and all employees receive annual training.

Employee Background Checks

Background checks are performed on all Secure AI Labs employees during the hiring process.

For questions about Secure AI Labs’ privacy and security policies, please contact security@secureailabs.com.

GDPR Data Subject Requests