We build and maintain systems that are secure by default. Our corporate IT infrastructure is based on Zero Trust principles.
Every Row of Data Is a Life
Every row of data is a life whose story deserves to be told with dignity. We are entrusted with data that tells a story about people, often in their most private moments. We are responsible for protecting and securing it against misuse. To meet that commitment, we have made security, privacy, and compliance the foundations of Nuna’s culture, solutions, and operations.
We’re deliberate about what data we access and how we use that data in our work. Our teams are responsible for protecting the confidentiality, integrity, and availability of all healthcare data, client information, intellectual property, and employee data that are entrusted to Nuna.
We believe solid and security-aware engineering practices produce good compliance as a consequence; it’s not something that can be “tacked on” once a system is already built.
We make sure to consider all aspects of privacy during the user data lifecycle: data protection, transparency and trust, and privacy as a human right and ethical value.
We foster a security-aware culture, and back it up with effective security mechanisms. We continuously evaluate our practices against new and emerging threats.
Proven success delivering secure solutions
We’ve developed data solutions for partners with stringent security and privacy requirements, including the federal government, Fortune 20 companies, major health plans, and national provider systems.
We comply with HIPAA and HITECH requirements (following the Privacy Rule, Security Rule, and Breach Notification Rule).
We perform annual self-assessments for privacy and security, as well as recurring third-party assessments.
We comply with ARS frameworks when working with government entities, as well as per-organization requirements.
We undergo SOC 2 audits and share the resulting security, availability, and confidentiality reports with our customers.
A Culture of Security
Nuna has policies and procedures in place for a number of core business areas, aligning with the latest HIPAA, NIST, and ISO 27001 standards: