    HIPAA Compliant

    Compliance

    Security and Privacy Commitment

    Our Certifications

    HIPAA Compliance
    Compliant

    Security and privacy controls aligned with HIPAA requirements are implemented

    GDPR Compliance
    Compliant

    Data protection controls that comply with GDPR requirements

    PDPA Compliance
    Compliant

    Personal data protection aligned with PDPA standards

    ISO 27001 (Audit in Progress)
    In Progress

    ISO 27001 certification audit currently in progress

    Security Measures

    Technical

    Data Encryption

    AES-256 encryption for data at rest and TLS 1.3 for data in transit

    Administrative

    Access Control

    Role-based access with multi-factor authentication and SSO support

    Technical

    Security Monitoring

    Continuous security monitoring and threat detection

    Technical

    Backup and Recovery

    Automated backups with a tested disaster recovery procedure

    Privacy Commitment

    We are committed to protecting your privacy and giving you control over your data.

    Elderwise Healthcare and Compliance Standards

    Last Updated: 2025-09-27
    HIPAA
    Target: Completed

    Health Insurance Portability and Accountability Act

    U.S. healthcare privacy and security law governing PHI.

    Relevance to Healthcare:

    US healthcare data security

    Key Requirements:

      How Elderwise Complies:

      AES-256 encryption, role-based access, comprehensive audit trail

      GDPR
      Target: Q2 2026

      General Data Protection Regulation

      EU data protection regulation covering lawful processing and rights.

      Relevance to Healthcare:

      Data protection for EU citizens

      Key Requirements:

        How Elderwise Complies:

        Privacy-by-design architecture with consent management tools

        PDPA
        Target: Completed

        Personal Data Protection Act

        Singapore's data protection law emphasizing consent and purpose limitation.

        Relevance to Healthcare:

        Data protection for Singapore

        Key Requirements:

          How Elderwise Complies:

          Full compliance with the PDPA framework

          ISO27001
          Target: Q2 2026

          ISO/IEC 27001 Information Security Management System

          International ISMS standard for managing information security risks.

          Relevance to Healthcare:

          International standard for establishing, implementing, maintaining, and continuously improving an ISMS.

          Key Requirements:

          • Risk management program
          • ISMS governance and documentation
          • Security controls per Annex A
          • Continuous improvement cycle

          How Elderwise Complies:

          Formal ISMS scope definition, risk register, policies and control mapping, internal audits in progress, and certification audit underway.

          SOC2
          Target: In progress

          Service Organization Control 2

          Organizational security and availability certification

          Relevance to Healthcare:

          Security and availability standard

          Key Requirements:

            How Elderwise Complies:

            Ongoing auditing and certification

            HITRUST
            Target: 2026

            HITRUST CSF

            Healthcare-centric certifiable security framework that harmonizes multiple standards.

            Relevance to Healthcare:

            Healthcare-focused certifiable framework harmonizing HIPAA, ISO, NIST, and other requirements.

            Key Requirements:

            • Risk-based control selection
            • Policy/procedure implementation
            • Validation and scoring
            • External assessment

            How Elderwise Complies:

            Scope definition for PHI systems, control inheritance where applicable, and staged readiness toward validated assessment.

            HSA
            Target: Q2 2026

            Singapore HSA Guidance (Medical Technologies)

            Singapore HSA guidance for medical technologies and software.

            Relevance to Healthcare:

            Regulatory guidance for medical device software and health tech solutions in Singapore.

            Key Requirements:

            • Risk classification and documentation
            • Quality management alignment
            • Clinical and cybersecurity considerations

            How Elderwise Complies:

            Alignment with HSA advisories, documentation of intended use and risk controls; leverage ISO 14971/IEC 62304 where applicable.

            HITECH
            Target: Q1 2026

            HITECH Act (Breach Notification)

            U.S. enhancements to breach notification and enforcement under HIPAA.

            Relevance to Healthcare:

            US breach notification and enforcement enhancements to HIPAA.

            Key Requirements:

            • Breach risk assessment
            • Timely notifications
            • Media and HHS reporting thresholds

            How Elderwise Complies:

            Incident response runbooks, evidence preservation, decision trees for materiality assessment

            FHIR
            Target: Q3 2026

            Fast Healthcare Interoperability Resources

            Modern interoperability standard for structured clinical data exchange.

            Relevance to Healthcare:

            Standard for healthcare data exchange

            Key Requirements:

              How Elderwise Complies:

              FHIR R4 compliant API design

              HL7
              Target: Operational

              HL7 v2/v3 Messaging

              Healthcare messaging standards used by EHRs and laboratories.

              Relevance to Healthcare:

              Legacy and current healthcare messaging standards widely used by EHRs and labs.

              Key Requirements:

              • Message formats and segments
              • Ack/error handling
              • Transport and security

              How Elderwise Complies:

              Adapters for HL7 v2.x integration where required, normalization to internal schemas, and secure transport.

              ISO13485
              Target: 2026

              ISO 13485 Medical Devices QMS

              Quality management system standard for medical devices.

              Relevance to Healthcare:

              Quality management standard for organizations involved in medical device lifecycle.

              Key Requirements:

              • Documented QMS
              • Design and development controls
              • Risk management and traceability
              • Post-market surveillance

              How Elderwise Complies:

              Progressive QMS adoption for applicable software modules; align with regulatory pathways if device classification applies.

              ISO42001
              Target: 2026

              ISO/IEC 42001 AI Management System

              AI management system standard for responsible AI governance.

              Relevance to Healthcare:

              Framework for governing responsible AI systems across lifecycle.

              Key Requirements:

              • AI risk management and controls
              • Data governance and transparency
              • Monitoring and continuous improvement

              How Elderwise Complies:

              Map existing controls to AI risks, define KPIs and documentation for transparency, and institute model governance workflows.

              Have Security Questions?

              Our security team is here to help answer any questions about our compliance and security measures.


              Legal Documents & Compliance Materials

              • Request Business Associate Agreement (BAA)
              • Request Data Processing Agreement (DPA)
              • Request Security & Privacy Documentation
              • Request Compliance Attestation
              • Request Penetration Test Executive Summary

              Data Protection & Security Contacts

              Data Protection Officer: dpo@elderwise.ai

              EU Representative (Art. 27 GDPR): eu-rep@elderwise.ai

              APAC Representative: apac-rep@elderwise.ai

              Security Team: security@elderwise.ai

              Vulnerability Reporting: security-alerts@elderwise.ai

              Certification Roadmap

              Elderwise's phased certification timeline:

              • Q3 2025: FHIR & HL7 interoperability certifications
              • Q4 2025: GDPR compliance validation
              • Q2 2026: ISO 27001 certification (audit in progress)
              • February 2026: ISO 42001 (AI Management System) certification
              • Q2 2026: HIPAA, HITECH & HSA certifications
              • Q3 2026: SOC 2 Type II & HITRUST CSF certifications
              • Q4 2026: ISO 13485 certification & continuous compliance monitoring

              Healthcare-Specific Security Features

              • for all sensitive health information
              • for healthcare provider access
              • aligned with clinical workflows
              • for all actions on protected health information
              • Secure API design for healthcare system integrations
              • Context-aware access controls for different care settings
              • Session timeout controls for clinical environments
              • Secure offline caching for emergency care scenarios

              Healthcare Infrastructure Security

              • Hosting in ISO 27001 certified data centers
              • Region-specific data residency options for regulatory compliance
              • Regular vulnerability scanning and penetration testing
              • Disaster recovery with 99.9% uptime commitment
              • Infrastructure as Code (IaC) for secure, consistent deployments
              • Network segmentation for clinical vs. administrative data
              • 24/7 infrastructure monitoring with healthcare-specific alerts
              • Continuous security control validation using automated tools

              Continuous Compliance Program

              • Automated compliance monitoring tools
              • Regular internal audits specific to healthcare requirements
              • Vendor security assessment program for all third parties
              • Compliance training for all staff, with healthcare-specific modules
              • Quarterly security steering committee with clinical stakeholders
              • Real-time compliance monitoring dashboard for leadership visibility
              • Automated evidence collection to streamline certification maintenance

              Healthcare Data Governance Framework

              Data Collection in Healthcare Context

              • Explicit consent mechanisms for patient data with healthcare-specific language
              • Transparent data collection purposes aligned with clinical needs
              • Minimized data collection following principles of medical necessity
              • Special handling procedures for sensitive medical categories
              • Patient-centric approach to data ownership and control

              Healthcare Data Retention

              • Retention policies aligned with medical record requirements by jurisdiction
              • Secure, compliant data archiving for long-term medical records
              • Automated data deletion when retention periods expire
              • Special provisions for pediatric and geriatric record retention
              • Data lifecycle management specific to clinical documentation standards

              Clinical Data Processing

              • Processing limited to intended healthcare purposes
              • Secure analytics for population health insights
              • De-identified data use for research and development
              • Validation processes for algorithm-assisted clinical reference tools
              • Secure federated learning techniques for model improvements

              Patient Data Rights

              • Patient access to personal health information
              • Correction mechanisms for inaccurate health data
              • Data portability between healthcare providers
              • Special handling for vulnerable populations and proxy access
              • Transparent record of all third-party data sharing

              Elderwise Healthcare Compliance Commitment:

              Our compliance strategy follows Vanta's recommended "security by design" principles, embedding healthcare compliance requirements into our development process from inception to deployment. We recognize that healthcare data security directly impacts patient outcomes and provider efficiency, so our approach integrates technical safeguards with clinical workflow considerations to create a secure environment that enhances rather than impedes care delivery. Our compliance program emphasizes both regulatory adherence and the ethical responsibility we have to protect sensitive health information.