How we protect your data
We maintain continuous security monitoring and auditing processes. We collect and analyse application, infrastructure, and system logs to detect any anomalies or potential security breaches. These logs are stored and preserved in compliance with regulatory requirements to assist in case of a security incident. Our commitment to security doesn't stop at the door; it's a constant, proactive effort.
Physical Security
We understand that physical security is a critical aspect of health data protection. Our infrastructure is hosted on Google Cloud Platform (GCP), which offers secure data centre facilities and industry-leading physical security measures. We are a hybrid company, operating both remotely and on physical premises.
Segregation of Health Data
To ensure the utmost protection for your health data, we employ segregation at multiple levels. Our multi-tenant architecture separates data at the tenant level, and we've established different Virtual Private Clouds (VPCs) for various environments, such as production and development. Furthermore, resources are segregated based on data type, ensuring that different types of health data remain separate.
Network Security
Each of our environments is hosted within separate Virtual Private Clouds (VPCs) on Google Cloud Platform. Our production networks are meticulously separated between public and internal services, with strict controls in place to prevent unauthorised access.
Access Control
Access control is a core aspect of health data security. We follow the principle of least privilege, ensuring that only authorised and trained individuals have access to health data. Secure connectivity along with multi-factor authentication is mandatory for accessing our resources. Our access control measures guarantee that employees can only access health data when necessary for their roles, which adds a further layer of protection to your sensitive information. Only a minimal number of authorised MOAI Health employees have access to individual-level data, and access is audited and monitored.
Security Policies and Awareness
Our comprehensive set of information security policies, aligned with ISO 27001 standards, guides our employees and contractors in making the right security decisions. We regularly update these policies to reflect the ever-evolving landscape of health data security. Additionally, we provide our team with security awareness training to ensure they stay informed and vigilant about health data protection.
Safeguarding Data
Once your data enters our systems, we implement multiple layers of encryption and access controls to ensure its security. Data is encrypted in transit and at rest, using advanced encryption standards to maintain its confidentiality. Our workstations and devices are fully encrypted, guaranteeing the protection of the information they contain. Your health data is safe and secure throughout its entire lifecycle with MOAI Health.
Data Retention
We retain your data for as long as necessary to fulfil the purposes for which it was collected, in accordance with applicable laws and regulations. In compliance with GDPR and other data protection regulations, we are also prepared to keep certain data for indefinite periods as required by law. However, if you ever wish to have your data completely removed from our platform, we offer a straightforward data deletion process to accommodate your requests.
Information Security Incident Management
In the event of a security incident, our comprehensive incident response policies and procedures, compliant with GDPR, guide our actions. These procedures provide the necessary steps to address security incidents promptly and effectively, including initial response, investigation, and notification. We prioritise timely communication with both supervisory authorities and affected data subjects, ensuring transparency and compliance with data protection regulations.