Security at 3bHealth
3bHealth understands the critical importance of information protection to our customers and recognizes the contribution information security can make to an organization’s strategic initiatives and overall risk management. 3bHealth has therefore adopted security controls and practices that are designed to protect the confidentiality, integrity and availability of customer information that is hosted within the 3bHealth platform. 3bHealth continually works to strengthen and improve those security controls and practices.
3bHealth takes a holistic approach to information security, implementing a multilayered defense where network, operating system, database and application security practices and procedures complement each other.
Privacy at 3bHealth
3bHealth takes privacy and data protection seriously and keeps all data and information entrusted to us strictly confidential. 3bHealth enforces strict access controls and will only allow those with the proper credentials to access information and data shared with us, this includes employees, contractors, affiliates, and partners. 3bHealth adheres current regulatory requirements in all its jurisdictions to remain compliant with the laws. Our systems and processes are designed with data protection and privacy in mind.
- Protecting personal data: De‑identification & pseudonymization
All data provided to 3bHealth will be pseudonymized and/or de-identified by the HCO (Health Care Organization) as specified and required. 3bHealth can assist the HCO team to setup such a pseudonymization process in case such a process does not exist within the HCO. In addition, 3bHealth uses expert determination to make sure that any data that is made available to end-users is sufficiently de-identified.
- Data Governance Program:
3bHealth ensures data is managed consistently by enabling a group of professionals to evaluate, utilizing responsible and accountable data owners, and custodians across the data lifecycle. The Data Trust team is composed of 3bHealth employees from the legal, privacy, compliance, and security teams.
- General Data Protection Regulation (GDPR):
Our systems and procedures meet the European Union’s (EU) guideline for extraterritorial scope for data transfers from the EU to our platform while safeguarding and supporting our customer’s need for confidentiality, integrity, availability, and resilience of systems and services processing Personal Data.
- Health Information Portability and Accountability Act (HIPAA)
3bHealth uses the Expert Determination method to ensure that our information is properly de-identified under the HIPAA Privacy Rule.