Freed Privacy & Security
Clinician and patient trust is of the highest priority at Freed. We hold ourselves accountable to a HIPAA-compliant data storage and processing protocol for all data captured and shared through our platform.
Internal Personnel Security
All Freed employees are required to:
Undergo background checks before being hired
Complete annual security awareness training on HIPAA, privacy, and information classification
Compliance
Freed conducts regular risk assessments to ensure policies remain up-to-date and relevant
Our CTO is responsible for Privacy and Security
Secure Development Lifecycle
All software changes are reviewed for compliance
Freed practices infrastructure-as-code. All infrastructure changes are reviewed before deployment
All engineers complete secure development practices training
Cloud Hosting and Availability
All hosting services and data is stored and processed within Microsoft’s Azure secure data centers
Freed has a HIPAA-compliant Business Associate Agreement with Microsoft
Freed leverages Azure’s high-availability infrastructure to ensure the data is always accessible
Confidentiality and Data Encryption
All data is encrypted at-rest and in-transit using standard encryption schemes
Vendor Management
All Vendors who may process patient information are required to be HIPAA compliant and sign BAAs with Freed
Freed regularly reviews vendor security practices to ensure continued high standards
Artificial Intelligence
All AI models are HIPAA-compliant and don’t retain data
Protected health information is never used for AI training purposes
Patient Information
Patient information is encrypted at-rest and in-transit
Patient recordings are temporarily saved in a secure and HIPAA-compliant manner until note summaries and quality checks are complete, and then they are automatically deleted
Patient notes can be manually deleted at any time or set to automatically delete after 30 days