Our Approach to Security, Privacy, and Compliance
We’re deliberate about what data we access and how we use that data in our work. Our teams are responsible for protecting the confidentiality, integrity, and availability of all healthcare data, client information, intellectual property, and employee data that’s entrusted to Nuna.
To stay ahead of a constantly evolving landscape, we:
- Build and maintain automated security solutions.
- Foster a security-aware culture.
- Challenge assumptions about security and compliance best practices.
Proven Success Delivering Secure Solutions
We’ve developed data solutions for partners with stringent security and privacy requirements, including the federal government, Fortune 20 companies, major health plans, and national provider systems.
Security and Compliance Frameworks
We’ve adopted rigorous security and compliance frameworks in accordance with the Cloud Security Alliance’s best practices.
SOC2 security, availability, and confidentiality report issued
HIPAA and HITECH compliant (following the Privacy Rule, Security Rule, and Breach Notification Rule)
Compliant within ARS and FedRAMP frameworks when working with government entities
Committed to annual self-assessments for privacy and security
Our team evangelizes these standards among our customers, vendors, and data peers.
Policies and Procedures
Nuna has policies and procedures in place for a number of core business areas, aligning with the latest HIPAA, NIST, and ISO 27001 standards:
Application / Infrastructure Security
Business Continuity
Disaster Recovery
Change Management
Data Privacy and Management
Human Resourcing
Access Management
Threat and Vulnerability Management
Incident Management