Tiro.health trust center

Your trust is our priority. Discover how we protect your data, maintain compliance, and ensure security in healthcare data capture.

At Tiro.health, we uphold a comprehensive security & privacy program that aligns with industry best practices to support the needs of our customers. This makes Tiro.health a trusted choice for those with compliance requirements, including GDPR and ISO 27001.

ISO 27001 certified

GDPR compliant

FHIR conformant

ISO 27001

Tiro.health is certified as ISO 27001 compliant, following an external audit. Our complete statement of applicability is available for viewing by any interested party upon request. All ISO 27001 controls are applicable and implemented in our ISMS. A short summary:

🔒 Confidentiality

Protecting your data from unauthorized access and disclosure.

Encryption policy

All sensitive data is encrypted both at rest and in transit using industry standards.

Access control

Role-based access controls and ensure only authorized users can access specific data.

Data retention and disposal policy

We only retain data necessary for utilizing our services, for the required duration, in EU-based data centers.

Data classification policy

Data is labeled and handled according to its sensitivity level.

Privacy policy

Outlines how we collect, use, and protect personal data in compliance with GDPR.

🛡️ Integrity

Ensuring accuracy, consistency, and trustworthiness of your data.

Change management policy

All system changes follow structured review, approval, and testing processes.

Segregation of environments

Production, staging, and development environments are fully separated.

Secure development policy

Secure coding practices are embedded into the software development lifecycle.

Information security policy

Sets out our overall approach and controls for managing information security.

Roles and responsibilities

Clearly defined responsibilities ensure accountability for data and system integrity.

🟢 Availability

Ensuring reliable and timely access to systems and your data.

Automated backup process

Regular automated backups are taken and securely stored.

Business continuity and disaster recovery policy

Plans are in place to restore service and data quickly in case of disruptions.

Incident response plan

Enables prompt detection, response, and recovery from security incidents.

Automated alerting for security events

Real-time monitoring and alerts detect unusual or malicious activity.

🚧 Risk & vulnerability assessment

Identifying, evaluating, and mitigating potential threats to systems and data.

Supplier risk policy

Evaluates and manages risks associated with third-party service providers.

Risk register

Central log of identified risks, assessments, and mitigation actions.

Treatment policy

Outlines how we respond to and reduce identified risks.

Vulnerability and patch management policy

Regular scanning and patching of systems to address vulnerabilities.

Third-party penetration test

Independent security experts conduct annual penetration testing.

Network security policy

Controls in place to protect against internal and external network threats.

🏢 Organizational management

Establishing policies, roles, and responsibilities to support information security.

Information security policy

Governs how we protect information across the organization.

Acceptable use policy

Defines proper use of company systems and data by employees.

Access management & identity control

Strong authentication and identity verification practices.

Incident management & business continuity

Structured processes for responding to incidents and maintaining operations.

Supplier & cloud security

Ensures cloud providers and partners meet our security requirements.

Security awareness & training

Employees and new hires are regularly trained on security best practices and compliance standards.

Security FAQ

For any questions relating to security or privacy, please email security@tiro.health

Is Tiro.health safe to use with patient data?

Tiro.health ensures data security by adhering to strict industry standards, including GDPR compliance, ISO 27001, and FHIR compatibility to protect sensitive patient information. The application employs advanced encryption methods both in transit and at rest, ensuring data is secure at all times. Regular security audits and stringent access controls further safeguard the integrity and confidentiality of the data.

What is Tiro.health's data retention policy?

We only retain the data necessary for utilizing our services, and solely for the required duration. Our data retention policy ensures timely data deletion and is customizable to comply with individual hospital policies.

How does Tiro.health ensure their vendors are secure?

Tiro.health implements a comprehensive vendor management program that includes rigorous security assessments, contractual security requirements, and ongoing monitoring. We only partner with vendors who meet or exceed our security standards and can demonstrate compliance with relevant regulations like GDPR. All third-party vendors undergo regular security reviews, and we maintain detailed records of all vendor security assessments. This ensures that the entire supply chain maintains the same high level of security that we commit to our customers.

Is Tiro.health GDPR compliant?

Yes, Tiro.health is fully GDPR compliant. We implement all necessary technical and organizational measures to ensure the protection of personal data. This includes data minimization, pseudonymization capabilities, user consent management, and features that support the rights of data subjects (access, rectification, erasure). Our platform includes tools for data protection impact assessments and maintains detailed processing records. We serve as a data processor, with our hospital customers acting as the data controllers, and our Data Processing Agreements clearly outline respective responsibilities. We follow a thorough screening process for sub-processors, keeping their number to a strict minimum.

Schedule a demo

Streamline your clinical documentation with secure structured data

Experience the peace of mind that comes with ISO 27001 certified data security while improving clinical efficiency.

Schedule a demo

“A huge time-saver”

Thanks to Tiro.health's dashboards, doctors from 14 different hospitals can track their quality indicators for inguinal hernia surgery online

Prof. Dr. Miserez

abdominal surgeon at UZ Leuven

“A huge time-saver”

Tiro.health proved to be a reliable partner for our hospital's data strategy

Nicky Vandervekens

Data scientist at AZ Maria Middelares

“A huge time-saver”

Thanks to Atticus from Tiro.Health, all Belgian vascular surgeons can participate in our registry, regardless of their EHR. Without additional administrative burden.

Prof. Dr. Fourneau

Vascular surgeon at UZ Leuven

“A huge time-saver”

Tiro.health has been a reliable partner since the beginning, supporting our clinical working groups with real-time insights into care quality

Prof. Dr. De Ridder

Director of quality at UZ Leuven