top of page

Freed Privacy & Security

Clinician and patient trust is of the highest priority at Freed. We hold ourselves accountable

to a HIPAA-compliant data storage and processing protocol for all data captured and

shared through our platform.

Internal Personnel Security

All Freed employees are required to:

  • Undergo background checks before being hired

  • Complete annual security awareness training on HIPAA, privacy, and information classification

 

Compliance

  • Freed conducts regular risk assessments to ensure policies remain up-to-date and relevant

  • Our CEO is responsible for Privacy and Security

 

Secure Development Lifecycle

  • All software changes are reviewed for compliance

  • Freed practices infrastructure-as-code. All infrastructure changes are reviewed before deployment

  • All engineers complete secure development practices training

 

Cloud Hosting and Availability

  • All hosting services and data is stored and processed within Microsoft’s Azure secure data centers

  • Freed has a HIPAA Business associate agreement with Microsoft

  • Freed leverages Azure’s high-availability infrastructure to ensure the data is always accessible

 

Confidentiality and Data Encryption

  • All data is encrypted at-rest and in-transit using standard encryption schemes

​

Vendor Management

  • All Vendors who may process patient information are required to be HIPAA compliant and sign BAAs with Freed

  • Freed regularly reviews vendor security practices to ensure continued high standards

 

Artificial Intelligence

  • All AI models are HIPAA compliant and don’t retain data

  • Protected health information is never used for AI training purposes

 

Patient Information

  • Patient information is encrypted at-rest and in-transit

  • Patient recordings are never stored to disk and are immediately deleted upon successful note generation

  • All patient information is retained for a backup period of 30 days after which it is deleted

bottom of page