Quality, security and privacy compliance

CareSimple Compliance

PRIVACY

CareSimple complies with the legal obligations of a business associate with respect to the use and disclosure of protected health information (“PHI”) under HIPAA. CareSimple has implemented administrative, physical and technical safeguards that ensure reasonable and appropriate protection of the confidentiality, integrity and availability of the electronic PHI through the encryption and password protection of all electronic files.

Tactio complies with the legal obligations of a business associate with respect to the use and disclosure of protected health information (“PHI”) under HIPAA. Tactio has implemented administrative, physical and technical safeguards that ensure reasonable and appropriate protection of the confidentiality, integrity and availability of the electronic PHI through the encryption and password protection of all electronic files.

CARESIMPLE PRIVACY POLICY

MICROSOFT AZURE COMPLIANCE (CARESIMPLE IS HOSTED ON AZURE)


QUALITY

At CareSimple, the quality compliance assurance program refers to the identification, assessment, correction and monitoring of important aspects designed to enhance the quality of CareSimple and its related services. It also establishes and maintains set requirements for developing and manufacturing a more reliable medical device, in conformity with the regulatory requirements of each jurisdiction where the platform is deployed. To comply with these quality requirements, in 2020 CareSimple obtained certification for ISO 13485:2016, a known quality management system standard for medical devices. To ensure compliance with this standard, a few measurable procedures validate that these requirements are met, i.e., management review, internal and external audit, employee training, risk control, and analysis of data (KPIs).

At Tactio, the quality compliance assurance program refers to the identification, assessment, correction and monitoring of important aspects designed to enhance the quality of CareSimple and its related services. It also establishes and maintains set requirements for developing and manufacturing a more reliable medical device, in conformity with the regulatory requirements of each jurisdiction where the platform is deployed. To comply with these quality requirements, in 2020 Tactio obtained certification for ISO 13485:2016, a known quality management system standard for medical devices. To ensure compliance with this standard, a few measurable procedures validate that these requirements are met, i.e., management review, internal and external audit, employee training, risk control, and analysis of data (KPIs).



SECURITY

CareSimple operates under a rigorous Information Security Management System (ISMS), for which the ISO 27001:2013 certification was obtained in 2020. An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes. CareSimple is committed to the highest standards when it comes to information security management. To deliver on this commitment, CareSimple has a set of security objectives: protect privacy, ensure integrity, constantly improve, plan & manage, be recognized, and assess & review.

Tactio operates under a rigorous Information Security Management System (ISMS), for which the ISO 27001:2013 certification was obtained in 2020. An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes. Tactio is committed to the highest standards when it comes to information security management. To deliver on this commitment, Tactio has a set of security objectives: protect privacy, ensure integrity, constantly improve, plan & manage, be recognized, and assess & review.



REGULATORY

Per the FDA 513(g) Request for Information process, CareSimple is classified as a Non-Device-Medical Device Data System (MDDS) and therefore meets current US FDA requirements. It is under review for class IIa in Europe and class II in Canada.

Currently, CareSimple is a Class 1 medical device that has been registered in all jurisdictions where the platform is commercialized. Tactio is working towards obtaining certification for class IIa in Europe and class II in the United States and Canada (MDSAP).

Canada: Health Canada

Europe: ANSM