Trust
Privacy, Security and Compliance
At HitIQ, customer trust is our top priority. We know customers care deeply about privacy and data security, that’s why our products and systems are built using industry best practices and technology. You can rest assured that your data is always secure, meets the highest international standards, and complies with the toughest regulations.
Privacy
HitIQ is committed to protecting your privacy. Know that your data is protected by some of the strongest internal and external privacy-by-design frameworks.
Trust and Security
Security is foundational for HitIQ. Rest assured that your data is protected with our security-by-design model based on the highest industry standards.
Compliance
Know that our products and systems meet the latest compliance and security standards, frameworks, and guidelines worldwide.
PRIVACY
Know that your data is protected by some of the strongest internal and external privacy-by-design frameworks in the industry. At HitIQ, we are committed to protecting the privacy of your performance and medical data. When we process and use data, we protect it, preserve its ownership, and maintain the privacy of the person to whom it belongs.
EU GDPR (EU General Data Protection Regulation)
Compliance with the GDPR is a top priority for HitIQ and our customers. GDPR harmonizes data protection regulation throughout the EU and gives individuals more control over their data.
The GDPR lays out specific requirements for businesses and organizations that are established in Europe or who serve users in Europe. The GDPR covers:
- How businesses can collect, use, and store personal data
- Builds upon current documentation and reporting requirements to increase accountability
- Authorizes fines on businesses who fail to meet its requirements
Personal Information Protection and Electronic Documents Act (PIPEDA)
The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s federal private-sector data privacy law. It’s one of several Canadian privacy laws that impose restrictions on how organizations collect and use private information.
More information can be found here.
UK General Data Protection Regulation (UK GDPR)
Compliance with the UK GDPR is a top priority for HitIQ and our customers. UK GDPR harmonizes data protection regulation throughout the UK and gives individuals more control over their data.
The UK GDPR lays out specific requirements for businesses and organizations that are established in Europe or who serve users in the UK. The UK GDPR covers:
- How businesses can collect, use, and store personal data
- Builds upon current documentation and reporting requirements to increase accountability
- Authorizes fines on businesses who fail to meet its requirements
The Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act (FERPA) is a US federal law that affords parents the right to have access to their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records.
The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. More information can be found here.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA is legislation that is designed to make it easier for US workers to retain health insurance coverage when they change or lose their jobs. The legislation also seeks to encourage electronic health records to improve the efficiency and quality of the US healthcare system through improved information sharing.
Health Information Technology for Economic and Clinical Health Act (HITECH)
HITECH expanded the HIPAA rules in 2009. HIPAA and HITECH together establish a set of federal standards intended to protect the security and privacy of PHI. These provisions are included in what is known as the “Administrative Simplification” rules. HIPAA and HITECH impose requirements related to the use and disclosure of PHI, appropriate safeguards to protect PHI, individual rights, and administrative responsibilities.
Australia Privacy Act
The Privacy Act introduced in 1988, later amended in 2000, is an Australian law to protect the privacy and personal information of individuals living in the country. The Act sets out the Australian Privacy Principles (APPs) and regulates how organizations must handle certain personal information. The Australian Information Commissioner’s Office (the OAIC) implements the Act. They ensure compliance with current legislation regarding the protection of personal data for all individuals living in Australia. More information can be found here.
New Zealand Privacy Act
The New Zealand Privacy Act is a comprehensive data privacy law that was passed in New Zealand in 2020. New Zealand’s Privacy ACT sets forth specific requirements that businesses, individuals, and organizations alike must adhere to when collecting, accessing, using, or disclosing the personal data and information of New Zealand residents.
More information can be found here.
TRUST AND SECURITY
Focus on your business, knowing that your data is safe and reliable. Customer trust is our top priority. At HitIQ we are committed to providing customers with the highest level of information security management. Using our secure-by-design model, we help ensure trust and data security.
Secure Software Development Lifecycle
HitIQ assesses the security risk of each software development project according to our Secure Software Development Lifecycle. Before completion of the design phase, HitIQ undertakes an assessment to characterize the security risk of the software changes proposed. This risk analysis leverages both the OWASP Top 10 and the extensive experience of HitIQ’s security team to create a set of security requirements that must be met as part of the development lifecycle. This includes adopting tools and processes that detect application security vulnerabilities and integrate risk data and metrics as early as possible.
Data Encryption
HitIQ supports the latest recommended secure cipher suites to encrypt all traffic in transit, including the use of TLS 1.2 protocols, AES-256 encryption, and SHA-2 signatures for data transmitted between HitIQ apps and the HitIQ service.
Data at rest in HitIQ production network is encrypted using FIPS 140-2 compliant encryption standards. This applies to all types of data at rest within the system, including databases, file stores, database backups, etc.
Security Policies, Standards, and Procedures
HitIQ has put in place an industry-leading security program to ensure that customers can have the highest confidence in our management and control of their data. Our security program complies with ISO 27000 family of standards. Our industry-leading security program includes documentation and processes around:
- Information security policies
- Organisation of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance
COMPLIANCE
Get the assurance you need to know that our products and systems meet the latest industry and security standards. We regularly check compliance through external reviews and audits and follow one common framework, including data security and privacy regulations, worldwide.
ISO/IEC 27001:2022 INFORMATION SECURITY MANAGEMENT SYSTEM
HitIQ products and systems are designed to ISO/IEC 27001:2013 standards.
ISO/IEC 27001:2022 outlines and provides the requirements for an Information Security Management System (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks.
The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a global membership of 163 national standards bodies. The ISO/IEC 27000 family of standards helps organizations keep their information assets secure.