Abstractive Health, Security and Privacy

Abstractive Health’s Security and Privacy team establishes policies and controls, monitors compliance with those controls, and works with third party auditors to ensure we are HIPAA and SOC 2 Type II compliant.

‍

Our policies are based on the following principles:

Abstractive Health is committed to protecting the security, confidentiality, integrity, availability, and privacy of its information resources including PHI. PHI is an asset and shall be managed to ensure its security, confidentiality, integrity, availability, and privacy are maintained and used for authorized purposes.

Any requests for data access at Abstractive Health shall be granted only to individuals that meet the minimal access philosophy.

Security controls should be implemented and layered according to the principle of defense-in-depth.

Security controls should be applied consistently across all areas.

Security Assessment & Training

Abstractive Health maintains a SOC 2 Type II attestation. If you would like to see the report, contact us.

All employees undergo general security training and HIPAA security training upon onboarding and annually.

Abstractive Health uses Vanta to continuously monitor and scan for vulnerabilities.