HIPAA at Pando

Some of the services that Pando offers are covered by the Health Insurance Portability and Accountability Act, or HIPAA. This means that we follow rules about how we keep your Protected Health Information, or PHI, private and secure. The following Notice of Privacy Practices describes how we comply with HIPAA and tells you about your rights to your PHI.

If you have additional questions or concerns about our privacy or security practices, please email dpo@hellopando.com or call us at +44 (0) 3300 970 165.

Most of us feel that our health information is private and should be protected. That is why there is a federal law that sets rules for health care providers and health insurance companies about who can look at and receive our health information. This law, called the Health Insurance Portability and Accountability Act of 1996 (HIPAA), gives you rights over your health information, including the right to get a copy of your information, make sure it is correct, and know who has seen it.

To learn how Pando collects, uses, and discloses information we obtain in connection with our provision of services through our website, mobile applications, or other online services please refer to the privacy policy. This policy applies to information collected in conjunction with those services, except with respect to individually identifiable health information that is considered Protected Health Information (“PHI”) under HIPAA.

Pando and Amazon Web Services (AWS)

Pando uses AWS’s utility-based cloud services to process, store, and transmit protected health information (PHI). We have chosen AWS to ensure the security of your health information and to ensure compliance with HIPAA and ISO 27001.

AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the secure AWS environment to process, maintain, and store protected health information.

For detailed information about how we use AWS for the processing and storage of health information, see the whitepaper Architecting for HIPAA Security and Compliance on Amazon Web Services.


AWS ISO Certifications and Services

AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, and ISO/IEC 9001:2015. AWS services that are covered under the certifications are listed here.