Freed Privacy & Security
Clinician and patient trust is of the highest priority at Freed. We hold ourselves accountable
to a HIPAA-compliant data storage and processing protocol for all data captured and
shared through our platform.
Internal Personnel Security
All Freed employees are required to:
-
Undergo background checks before being hired
-
Complete annual security awareness training on HIPAA, privacy, and information classification
Compliance
-
Freed conducts regular risk assessments to ensure policies remain up-to-date and relevant
-
Our CEO is responsible for Privacy and Security
Secure Development Lifecycle
-
All software changes are reviewed for compliance
-
Freed practices infrastructure-as-code. All infrastructure changes are reviewed before deployment
-
All engineers complete secure development practices training
Cloud Hosting and Availability
-
All hosting services and data is stored and processed within Microsoft’s Azure secure data centers
-
Freed has a HIPAA Business associate agreement with Microsoft
-
Freed leverages Azure’s high-availability infrastructure to ensure the data is always accessible
Confidentiality and Data Encryption
-
All data is encrypted at-rest and in-transit using standard encryption schemes
​
Vendor Management
-
All Vendors who may process patient information are required to be HIPAA compliant and sign BAAs with Freed
-
Freed regularly reviews vendor security practices to ensure continued high standards
Artificial Intelligence
-
All AI models are HIPAA compliant and don’t retain data
-
Protected health information is never used for AI training purposes
Patient Information
-
Patient information is encrypted at-rest and in-transit
-
Patient recordings are never stored to disk and are immediately deleted upon successful note generation
-
All patient information is retained for a backup period of 30 days after which it is deleted