Nomi Health Control Framework

Nomi Health, Inc. ("Nomi Health") captures and processes a range of personal, financial and health care information in order to deliver our healthcare operations and financial services. We take personal privacy seriously and publish our privacy and HIPAA notices on our website.

Nomi Health implements a range of protective and detective controls in an effort to secure your data and our systems. In this way we strive to ensure the confidentiality, integrity, availability, and privacy of your data. Because there are persistent and unknown data security threats, we have sought to build in security controls from the ground up, including by verifying users and visitors, not presuming that every contact with our systems is trustworthy. These measures include security policies as well as system configuration and hardening standards. Additionally, we require the encryption of all data inflight and at rest as well as authentication of all data access requests.  Our systems are subject to routing patching and security scanning by reputable security tooling as well as periodic penetration testing.  We operate an automated production environment with limited direct human interaction. We also monitor all systems and log key activity to allow us to alert on anomalous activity.