In general, Tidepool is an extremely open organization. Part of our mission is to transfer as much of our knowledge, intellectual property and work product to the public as we can, because we feel like that's better for the diabetes community. Examples of things that we explicitly make public:
Our source code.
Our finances (e.g., tax returns, audit documents and other public filings).
Our regulatory quality system.
Our user interface designs.
Our product planning boards.
This Employee Handbook.
Even with our commitment to openness, we don't make everything public. For example:
...
And, of course, we keep all of our users' Protected Health Information (PHI) confidential. As part of your onboarding, and then each year thereafter, you will be required to read HIPAA training and to undergo an audit of your computer and mobile devices. Our publicly available HIPAA training materials and audit template documents can be found here (internal-only).
In general, unless your job requires you to do so (e.g., for a project, or for debugging a specific issue, or for providing customer support), you should never make copies of or publicly reveal any of our users' info, including names, email addresses or anything they store in their Tidepool account (on prd or int, which house our HIPAA-compliant data).
It may not always be obvious what is and is not confidential. If you are ever unsure, it's always best to assume that it is confidential and ask the Chief Privacy Officer (currently Howard).
...