My inbox recently filled up with notices from numerous companies letting me know they had updated their privacy policies and were committed to protecting my data in the context of those policies. Fascinatingly, this flurry of activity took place in the absence of what most of us would consider a security breach. No one hacked a leading technology company and stole user data (although that risk always exists). The public simply became aware of how data was being used and demanded a change. Trigger events have involved outside developers using published API’s to access data that most would consider private. The lure of data availability drives developer behavior and product development, often in unintended ways. And, having access to data, even within a single large company, can have similar consequences.
We work hard at nVoq to protect your data. Working with external auditors, we constantly refine our processes and tools to protect our customers’ data, guided by our PCI-DSS certification, SOC2, and HIPAA compliance. Additionally, we limit our internal use of, and access to, data. As a provider of speech and automation productivity solutions, we only use collected data to improve speech recognition and automation performance. Additionally, even though almost all the data we collect contains no private information, we scrub potential PHI from the data before applying it to the computer models behind our services.
There is very little variance in the available definitions of privacy. It is primarily defined as a freedom from observation or disturbance. There is no qualifier that allows observation by some but not others. Healthcare is an intensely personal and private aspect of our lives. Using cloud-based services does not change this fact. We respect your privacy and the privacy of your data. By limiting its use to improving core speech functionality, we minimize risk exposure. You own your data. We won’t sell it. You will never see an advertisement based on your data. It will not be available to others via an API.
There are no guarantees in this world of aggressive cyberthreats, increasing complexity, and technical interdependencies. But all of us in healthcare must take privacy seriously. Security alone is necessary but not sufficient. In addition to protecting information from theft, we must guard against unintended and unwanted observation. Before you choose a cloud service provider, regardless of industry or specialty, consider how your data will be used, who will be allowed to observe it, and for what purpose.