Privacy, Compliance and Security
Bloom Value Corporation is very aware that the data we use to provide insight and value to your company is sensitive and confidential to both you and the people whose records are being used. We are committed to ensuring the compliance, security and privacy of our solutions – keeping your data safe and private.
We follow best practices for privacy and security that align with global regulatory requirements.
Privacy and Compliance
Bloom Value Corporation has been audited by an external HIPAA auditor and assessed as HIPAA compliant. All aspects of HIPAA compliance are addressed and reviewed monthly to ensure we retain our HIPAA compliance status, with an annual external audit.
Technical, Physical, and Administrative safeguards have been applied.
CCPA is California’s regulation for data protection and privacy. Bloom Value is CCPA compliant by dint of the exemption that applies for HIPAA compliant solutions.
TMRPA is the Texas regulation for data protection and privacy. Bloom Value is TMRPA compliant – certification is currently in progress.
Bloom Value Corporation will ensure that we meet any Privacy and Compliance requirements required for your data set prior to importing and making use of the data. Data will be stored and processed only in an appropriate Country/Geography.
All necessary agreements (BAA, BAS) will be in place before any of your sensitive data is processed by Bloom Value Corporation.
We understand the importance of Security to Bloom Value clients, and we are completely focused on meeting all the obligations required to ensure that the data in our care is protected.
Our underpinning technologies – the Azure platform and Microsoft365 products – provide us with the ability to implement a multi-layered security architecture using native security controls and threat intelligence capabilities. These allow us to identify and protect against existing and evolving threats.
Bloom Value Corporation Security Policies are based on the ISO 27001/2 framework, and are under constant review.
- Data Protection All data is encrypted in transit and at rest, using Bloom Value’s own encryption keys which are regularly rotated and kept in secured storage. Sensitive data (PHI and PII) is anonymised on landing.
- Our in-house Security Operations Centre continually monitors for threats and mitigates them before any compromise can occur.
- Bloom Value Corporation Employees All employees go through a thorough background check and sign a confidentiality agreement.
- A Secure Network Architecture prevents intrusion and compromise of Bloom Value Corporation resources.
- Identity and Access Management Two factor authentication is employed and identities may be federated with a client’s own IAM system.
- We secure our employees’ computers and other devices using Microsofts InTuneEnd Point Management solution – preventing data leakage and ensuring security of employee devices.