We take your privacy and security very seriously. We appreciate the delicate nature of what we do—and what you share with us—and want you to feel the utmost confidence in how we treat your information.
Thanks to sound digital infrastructure, rigorous internal processes and external validation from industry experts, you can be confident that your personal information is protected with Foresight.
We meet and exceed the requirements for the Health Insurance Portability and Accountability Act (HIPAA), which ensures your health information remains private. Foresight’s security practices have been externally audited, validating that we do what we say when it comes to protecting your data.
We encrypt data at rest and in motion as required by HIPAA and the Health Information Technology for Economic and Clinical Health Act (HITECH). All activity is encrypted in transit using TLS 1.2+ encryption. We use the Advanced Encryption Standard (AES) algorithm to encrypt data at rest.
We regularly assess risks to improve the security, confidentiality, integrity and availability of our systems. We also regularly review and update security policies, provide team members with security training, perform application and network security testing, and conduct risk assessments.
We test our infrastructure regularly to identify and patch vulnerabilities, and remediate our high-severity findings within 30 or fewer days.
Foresight is audited by an external firm to confirm compliance with HIPAA and HITECH standards, and maintain a System and Organization Controls (SOC 2) certification.
SOC 2 audits are independent, third-party examinations that demonstrate how an organization achieves key compliance controls and objectives.
SOC 2 audit reports are based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) existing Trust Services Criteria. Their purpose is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality and privacy.
The SOC 2 report is the independent third-party audit firm’s opinion of the organization’s system. The report assesses the fairness of the organization’s description of controls and also evaluates whether the organization’s controls are designed appropriately, were in operation on a specified date and operated effectively over a specified time period.
We’re committed to providing safeguards to our environment and data. If you find a vulnerability in our security, please let us know at firstname.lastname@example.org.