Skip to main content
All CollectionsCompliance
Freed Privacy and Security (HIPAA)
Freed Privacy and Security (HIPAA)
Updated over a week ago

Freed Privacy & Security

Clinician and patient trust is of the highest priority at Freed. We hold ourselves accountable to a HIPAA-compliant data storage and processing protocol for all data captured and shared through our platform.

Internal Personnel Security

All Freed employees are required to:

  • Undergo background checks before being hired

  • Complete annual security awareness training on HIPAA, privacy, and information classification


  • Freed conducts regular risk assessments to ensure policies remain up-to-date and relevant

  • Our CTO is responsible for Privacy and Security

Secure Development Lifecycle

  • All software changes are reviewed for compliance

  • Freed practices infrastructure-as-code. All infrastructure changes are reviewed before deployment

  • All engineers complete secure development practices training

Cloud Hosting and Availability

  • All hosting services and data is stored and processed within Microsoft’s Azure secure data centers

  • Freed has a HIPAA Business Associate Agreement with Microsoft

  • Freed leverages Azure’s high-availability infrastructure to ensure the data is always accessible

Confidentiality and Data Encryption

  • All data is encrypted at-rest and in-transit using standard encryption schemes

Vendor Management

  • All Vendors who may process patient information are required to be HIPAA compliant and sign BAAs with Freed

  • Freed regularly reviews vendor security practices to ensure continued high standards

Artificial Intelligence

  • All AI models are HIPAA compliant and don’t retain data

  • Protected health information is never used for AI training purposes

Patient Information

  • Patient information is encrypted at-rest and in-transit

  • Patient recordings are temporarily saved in a secure and HIPAA-compliant manner until they are processed and then automatically deleted

  • Patient notes can be manually deleted at any time or set to automatically delete after 30 days

Additional Details

Did this answer your question?