HIPAA Compliance at Finsight

Secure handling of Protected Health Information within DealVDR.
HIPAA Compliance Certificate

Overview

At Finsight, we understand the rigorous data privacy requirements of the healthcare and life sciences industries. To support these sectors, we have implemented a specialized compliance framework for the storage and transmission of Protected Health Information (PHI).

Scope of Compliance

Finsight's HIPAA compliance is strictly scoped to ensure the highest level of integrity and control. Compliance is applicable only under the following conditions:

  • Product: DealVDR
  • Transaction Type: HIPAA-Compliant

HIPAA compliance is not enabled by default for Finsight products. It must be specifically configured at the onset of a DealVDR project to ensure all necessary administrative, physical, and technical safeguards are active.

Our HIPAA Safeguards

For eligible DealVDR transactions, Finsight employs a multi-layered security approach:

  • Business Associate Agreements (BAA): Finsight will execute a BAA with covered entities and business associates to formally clarify responsibilities regarding PHI.
  • Data Encryption: All PHI is encrypted at rest using AES-256 and in transit via TLS 1.2 or higher.
  • Access Control & Auditing: Granular permission settings and immutable audit logs ensure that only authorized personnel can access sensitive health data, with every action fully tracked.
  • Infrastructure Security: Data is hosted in SOC 2 Type II and HIPAA-compliant data centers with 24/7 monitoring and strict physical access controls.

Getting Started

If your transaction involves the exchange of Protected Health Information, please contact your Finsight representative to ensure your DealVDR environment is provisioned correctly for HIPAA compliance.

If you have any questions or would like additional information, please reach out to security@finsight.com.

Last Updated: April 25, 2026