
Global privacy—HIPAA requirements

Health Insurance Portability and Accountability Act (HIPAA)

Clients trust Nuance, a global leader in conversational AI and healthcare technology, to deliver solutions that handle patient data responsibly. We remain firmly committed to helping our clients comply with HIPAA.

HIPAA requires that covered entities and their business associates apply administrative, technical, and physical safeguards to maintain the confidentiality, integrity, and availability of electronic protected health information (ePHI).

To support HIPAA compliance efforts, Nuance evaluates our products and product environments for:

  • Encryption of data.
  • Restriction of physical access to production servers.
  • HITRUST CSF certification control capability.
  • Configurable administrative controls that allow customers to:
       a. Manage access control and authorizations at a granular level.
       b. Track patient data to fulfill patient access requests.
       c. Monitor and re-evaluate access rights.
       d. Obtain reporting and audit trails to account for both user and content activities.

Beyond the customer-facing side of our healthcare solutions, Nuance embraces a holistic approach to securing patient data within our custody. We maintain and regularly review policies and procedures for the consistent application of appropriate and necessary controls.

Our patient data security approach includes:

  • Assigning dedicated personnel to support privacy and security activities throughout the organization.
  • Conducting regular HIPAA and data protection training.
  • Restricting access as appropriate and necessary to information assets.
  • Managing authorized user access as well as ensuring employee accountability for any unauthorized use or disclosure.
  • Implementing cryptographic controls designed to protect the confidentiality, authenticity, and/or integrity of information.
  • Designating secure areas to prevent unauthorized physical access, damage, and interference with information and information processing.
  • Operating systems, networks, and facilities in a secure manner to protect against malware.
  • Conducting regular data backups to protect against loss of data.
  • Prioritizing information security with vendors, suppliers, and other third parties to protect information assets.
  • Responding to information security incidents consistently and effectively to address any weakness and mitigate further risks.
  • Ensuring continuous availability and integrity of data.

For any cloud-based and on-premise solution, responsibility with respect to data privacy—including access and controls—is shared. Our clients are responsible for configuring Nuance solutions to support HIPAA compliance efforts and for enforcing applicable policies in their organizations in accordance with HIPAA requirements.

All information, content, and materials available on this site are for general informational purposes only, and do not amend or supersede the express terms of any agreement, any transaction, or any rights or obligations you may have under applicable law, create any rights or obligations, or otherwise affect your or Nuance’s liabilities and obligations. The content is provided "as is," with no representations as to whether the materials are applicable to any particular service, jurisdiction or location. For specific information regarding your account, please refer to your agreement with Nuance and Nuance’s privacy policy.