Skip to main contentSkip to navigationSkip to footer
Elderwise Logo
Elderwise
For PrestatairesFor AidantsImpactBlogContact

Pour les aidants

  • Télécharger l'application
  • Politique de confidentialité
  • Conditions d'utilisation
  • Rapport de vulnérabilité

Pour les prestataires

  • Solutions cliniques
  • Tarifs
  • Intégration
  • Planifier un appel de découverte

Ressources

  • Blog
  • Elderwise Insights
  • FAQ
  • Contact

Entreprise

  • À propos de nous
  • Nos valeurs
  • Impact
  • Carrières
  • Juridique, Risque et Conformité

Conformité et Sécurité

Aperçu de la conformité•Politique de cookies•Conformité HIPAA•

Droits des patients et des données

Demander des dossiers médicaux•Signaler une violation de données•Supprimer le compte•Supprimer les données
Elderwise Logo
Elderwise

© {year} Elderwise. Tous droits réservés.

    1. Accueil
    3. Compliance & Security | Elderwise
    Conforme HIPAA

    Compliance & Security

    Your trust is our priority. We maintain the highest standards of data protection and regulatory compliance.

    Our Certifications

    HIPAA Compliance
    En conformité

    Security and privacy controls aligned with HIPAA requirements implemented

    GDPR Compliance
    En conformité

    Data protection controls following GDPR requirements

    PDPA Compliance
    En conformité

    Personal data protection aligned with PDPA standards

    ISO 27001 (Audit En Cours)
    En cours

    Audit de certification ISO 27001 actuellement en cours

    Security Measures

    Technique

    Data Encryption

    AES-256 encryption for data at repos and TLS 1.3 for data in transit

    Administratif

    Access Control

    Role-based access with multi-factor authentication and SSO support

    Technique

    24/7 Surveillance

    Continuous security surveillance and threat detection

    Technique

    Backup & Récupération

    Automated backups with tested disaster récupération procedures

    Confidentialité Commitment

    We are committed to protecting your privacy and giving you control over your data.

    Santé Standards & Elderwise Compliance

    Last Mis à jour: 2025-09-27
    HIPAA
    Target: Operational

    Santé Insurance Portability and Accountability Act (HIPAA)

    U.S. santé privacy and security law governing PHI.

    Santé Relevance:

    U.S. santé privacy and security requirements governing PHI handling by covered entities and business associates.

    Key Requirements:

    • Business Associate Agreements (BAAs)
    • Role-based access and MFA
    • Audit logging and surveillance
    • Minimum necessary access
    • Encryption in transit and at repos
    • Breach notification procedures
    • Periodic risque évaluations and workforce training

    How Elderwise Complies:

    BAAs in place with processors, enforced RBAC/MFA/SSO, centralized audit logs, least-privilege defaults, AES-256/TLS 1.3 encryption, incident response runbooks, and recurring HIPAA training.

    GDPR
    Target: Operational

    EU General Data Protection Regulation (GDPR)

    EU data protection regulation covering lawful processing and rights.

    Santé Relevance:

    EU/EEA framework for data protection, lawful processing, and data subject rights.

    Key Requirements:

    • Lawful basis and consent management
    • Data subject rights (access, erasure, portability)
    • Data Processing Agreements
    • Data Protection by Design and Default
    • Records of processing activities
    • International transfer safeguards

    How Elderwise Complies:

    Consent capture and audit trails, DPA addenda with vendors, privacy by design reviews, DSR workflows, and transfer impact évaluations where applicable.

    PDPA
    Target: Operational

    Personal Data Protection Act (PDPA, Singapore)

    Singapore data protection law emphasizing consent and purpose limitation.

    Santé Relevance:

    Singapore data protection obligations for consent, purpose limitation, notification, and access/correction.

    Key Requirements:

    • Consent and notification
    • Purpose limitation
    • Access and correction rights
    • Protection and retention limits
    • Data breach notification

    How Elderwise Complies:

    Localized consent statements, retention schedules, access/correction channels, and breach notification procedures aligned with PDPC guidance.

    ISO27001
    Target: Q2 2026

    ISO/IEC 27001 Information Security Management System

    International ISMS standard for managing information security risques.

    Santé Relevance:

    International standard for establishing, implementing, maintaining, and continuously improving an ISMS.

    Key Requirements:

    • Risque management program
    • ISMS governance and documentation
    • Security controls per Annex A
    • Continuous improvement cycle

    How Elderwise Complies:

    Formal ISMS scope definition, risque register, policies and control mapping, internal audits, and readiness for certification.

    SOC2
    Target: Q2 2026

    SOC 2 Type II (Security, Availability, Confidentiality)

    Attestation of security controls effectiveness over a period (Type II).

    Santé Relevance:

    Attestation of control effectiveness over a review period per AICPA Trust Services Criteria.

    Key Requirements:

    • Documented policies and procedures
    • Security surveillance and alerting
    • Change and incident management
    • Vendor risque management

    How Elderwise Complies:

    Control mapping to TSC, evidence collection automation, continuous surveillance, quarterly control testing, and external audit readiness.

    HITRUST
    Target: 2026

    HITRUST CSF

    Santé-centric certifiable security framework harmonizing multiple standards.

    Santé Relevance:

    Santé-focused certifiable framework harmonizing HIPAA, ISO, NIST, and other requirements.

    Key Requirements:

    • Risque-based control selection
    • Policy/procedure implementation
    • Validation and scoring
    • External évaluation

    How Elderwise Complies:

    Scope definition for PHI systems, control inheritance where applicable, and staged readiness toward validated évaluation.

    HSA
    Target: Q2 2026

    Singapore HSA Guidance (Médical Technologies)

    Singapore HSA guidance for médical technologies and software.

    Santé Relevance:

    Regulatory guidance for médical device software and santé tech solutions in Singapore.

    Key Requirements:

    • Risque classification and documentation
    • Quality management alignment
    • Clinique and cybersecurity considerations

    How Elderwise Complies:

    Alignment with HSA advisories, documentation of intended use and risque controls; leverage ISO 14971/IEC 62304 where applicable.

    HITECH
    Target: Q1 2026

    HITECH Act (Breach Notification)

    U.S. breach notification and enforcement enhancements to HIPAA.

    Santé Relevance:

    U.S. breach notification and enforcement enhancements to HIPAA.

    Key Requirements:

    • Breach risque évaluation
    • Timely notifications
    • Media and HHS reporting thresholds

    How Elderwise Complies:

    Incident response runbooks, evidence preservation, decision trees for materiality and reporting timelines.

    FHIR
    Target: Operational

    HL7 FHIR (Interoperability)

    Modern interoperability standard for structured clinique data exchange.

    Santé Relevance:

    Modern santé interoperability standard for structured clinique data exchange.

    Key Requirements:

    • FHIR resources and profiles
    • RESTful APIs and conformance
    • Security and authorization (SMART on FHIR)

    How Elderwise Complies:

    FHIR-first data modeling for core entities, versioned profiles, and OAuth2/OpenID Connect for secure access.

    HL7
    Target: Operational

    HL7 v2/v3 Messaging

    Santé messaging standards used by EHRs and labs.

    Santé Relevance:

    Legacy and current santé messaging standards widely used by EHRs and labs.

    Key Requirements:

    • Message formats and segments
    • Ack/error handling
    • Transport and security

    How Elderwise Complies:

    Adapters for HL7 v2.x integration where required, normalization to internal schemas, and secure transport.

    ISO13485
    Target: 2026

    ISO 13485 Médical Devices QMS

    Quality management system standard for médical devices.

    Santé Relevance:

    Quality management standard for organizations involved in médical device lifecycle.

    Key Requirements:

    • Documented QMS
    • Design and development controls
    • Risque management and traceability
    • Post-market surveillance

    How Elderwise Complies:

    Progressive QMS adoption for applicable software modules; align with regulatory pathways if device classification applies.

    ISO42001
    Target: 2026

    ISO/IEC 42001 AI Management System

    AI management system standard for responsible AI governance.

    Santé Relevance:

    Framework for governing responsible AI systems across lifecycle.

    Key Requirements:

    • AI risque management and controls
    • Data governance and transparency
    • Surveillance and continuous improvement

    How Elderwise Complies:

    Map existing controls to AI risques, define KPIs and documentation for transparency, and institute model governance workflows.

    Have Security Questions?

    Our security team is here to help answer any questions about our compliance and security measures.

    Explorer plus

    Pour les prestataires de santé

    Découvrez comment Elderwise s'intègre aux flux de travail cliniques

    Tarifs et plans

    Comparez les plans familiaux et les plans pour prestataires

    Centre de connaissances

    Ressources pour les professionnels des soins aux personnes âgées

    Nous contacter

    Contactez notre équipe de sécurité

    Legal Documents & Compliance Materials

    • Request Business Associate Agreement (BAA)
    • Request Data Processing Agreement (DPA)
    • Request Security & Privacy Documentation
    • Request Compliance Attestation
    • Request Penetration Test Executive Summary

    Data Protection & Security Contacts

    Data Protection Officer:dpo@elderwise.ai

    EU Representative (Art. 27 GDPR):eu-rep@elderwise.ai

    APAC Representative:apac-rep@elderwise.ai

    Security Team:security@elderwise.ai

    Vulnerability Reporting:security-alerts@elderwise.ai

    Certification Roadmap

    Elderwise's phased certification timeline:

    • Q3 2025: FHIR & HL7 interoperability certifications
    • Q4 2025: GDPR compliance validation
    • Q2 2026: ISO 27001 certification (audit in progress)
    • February 2026: ISO 42001 (AI Management System) certification
    • Q2 2026: HIPAA, HITECH & HSA certifications
    • Q3 2026: SOC 2 Type II & HITRUST CSF certifications
    • Q4 2026: ISO 13485 certification & continuous compliance monitoring

    Healthcare-Specific Security Features

    • for all sensitive health information
    • for healthcare provider access
    • aligned with clinical workflows
    • for all actions on protected health information
    • Secure API design for healthcare system integrations
    • Context-aware access controls for different care settings
    • Session timeout controls for clinical environments
    • Secure offline caching for emergency care scenarios

    Healthcare Infrastructure Security

    • Hosting in ISO 27001 certified data centers
    • Region-specific data residency options for regulatory compliance
    • Regular vulnerability scanning and penetration testing
    • Disaster recovery with 99.9% uptime commitment
    • Infrastructure as Code (IaC) for secure, consistent deployments
    • Network segmentation for clinical vs. administrative data
    • 24/7 infrastructure monitoring with healthcare-specific alerts
    • Continuous security control validation using automated tools

    Continuous Compliance Program

    • Automated compliance monitoring tools
    • Regular internal audits specific to healthcare requirements
    • Vendor security assessment program for all third parties
    • Compliance training for all staff, with healthcare-specific modules
    • Quarterly security steering committee with clinical stakeholders
    • Real-time compliance monitoring dashboard for leadership visibility
    • Automated evidence collection to streamline certification maintenance

    Healthcare Data Governance Framework

    Data Collection in Healthcare Context
    • Explicit consent mechanisms for patient data with healthcare-specific language
    • Transparent data collection purposes aligned with clinical needs
    • Minimized data collection following principles of medical necessity
    • Special handling procedures for sensitive medical categories
    • Patient-centric approach to data ownership and control
    Healthcare Data Retention
    • Retention policies aligned with medical record requirements by jurisdiction
    • Secure, compliant data archiving for long-term medical records
    • Automated data deletion when retention periods expire
    • Special provisions for pediatric and geriatric record retention
    • Data lifecycle management specific to clinical documentation standards
    Clinical Data Processing
    • Processing limited to intended healthcare purposes
    • Secure analytics for population health insights
    • De-identified data use for research and development
    • Validation processes for algorithm-assisted clinical reference tools
    • Secure federated learning techniques for model improvements
    Patient Data Rights
    • Patient access to personal health information
    • Correction mechanisms for inaccurate health data
    • Data portability between healthcare providers
    • Special handling for vulnerable populations and proxy access
    • Transparent record of all third-party data sharing

    Elderwise Healthcare Compliance Commitment:

    Our compliance strategy follows Vanta's recommended "security by design" principles, embedding healthcare compliance requirements into our development process from inception to deployment. We recognize that healthcare data security directly impacts patient outcomes and provider efficiency, so our approach integrates technical safeguards with clinical workflow considerations to create a secure environment that enhances rather than impedes care delivery. Our compliance program emphasizes both regulatory adherence and the ethical responsibility we have to protect sensitive health information.