Our Approach to Security, Privacy, and Compliance

We’re deliberate about what data we access and how we use that data in our work. Our teams are responsible for protecting the confidentiality, integrity, and availability of all healthcare data, client information, intellectual property, and employee data that’s entrusted to Nuna.

To stay ahead of a constantly evolving landscape, we:

  • Build and maintain automated security solutions.
  • Foster a security-aware culture.
  • Challenge assumptions about security and compliance best practices.

Proven Success Delivering Secure Solutions

We’ve developed data solutions for partners with stringent security and privacy requirements, including the federal government, Fortune 20 companies, major health plans, and national provider systems.

Security and Compliance Frameworks

We’ve adopted rigorous security and compliance frameworks in accordance with the Cloud Security Alliance’s best practices.

SOC2 certified.

HIPAA and HITECH compliant (following the Privacy Rule, Security Rule, and Breach Notification Rule).

Compliant within ARS and FedRAMP frameworks when working with government entities.

Committed to annual self-assessments including CAIQ.

Our team evangelizes these standards among our customers, vendors, and data peers.

Policies and Procedures

Nuna has policies and procedures in place for a number of core business areas, aligning with the latest HIPAA, NIST, and ISO 27001 standards:

Application / Infrastructure Security

Business Continuity

Disaster Recovery

Change Management

Data Privacy and Management

Human Resourcing

Access Management

Threat and Vulnerability Management

Incident Management