- Auditable and compliant with both US and European health regulations
- Secured Service APIs and Authenticated Access to Data Encryption & Sensitive Data Management
InsightMedi for Institutions sits on top of the Google Cloud Platform and conforms to the Google security model, an end-to-end process focused on keeping users and data safe across the board. InsightMedi makes sure to leverage all critical features implemented in Google’s own security model.
The platform undergoes several independent third-party audits on a regular basis to provide users with external verification. Audits against standards such as SSAE16 / ISAE 3402 Type II, ISO 27001, ISO 27017, ISO 27018, FedRAMP ATO, and PCI DSS v3.1 are conducted on a yearly basis.
To improve the efficiency and effectiveness of the health care system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, included Administrative Simplification provisions that required HHS to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security. InsightMedi supports HIPAA compliance within the scope of Google's Business Associate Agreement.
The EU-U.S. Privacy Shield Framework provides an adequate mechanism to allow EU companies to comply with requirements under the EU Data Protection Directive in connection with transfer of personal data from the European Union to the United States. InsightMedi for Institutions, through Google Cloud Platform, provides sufficient commitments to frame international data flows from Europe to the rest of the world.
CSA is the leading organization dedicated to defining and raising awareness of best practices to help ensure secure cloud computing environments. The CSA’s Security, Trust & Assurance Registry Program (STAR) is a three-tiered provider assurance program of self-assessment, third-party audit and continuous monitoring that aids customers with due diligence of cloud service providers.
Google Cloud (G Suite and the Google Cloud Platform) has completed the CSA STAR Level 1: Self-Assessment.
The platform undergoes several independent third-party audits on a regular basis to provide customers with external verification. This means that an independent auditor has examined the controls present in our provider's data centers, infrastructure and operations. The platform has annual audits for the following standards:
The security in the infrastructure is designed in layers starting from the physical components and data center, to hardware provenance, and then on to secure boot, secure inter-service communication, secured data at rest, protected access to services from the internet and finally, the technologies and people processes we deploy for operational security.