Last modified: Oct. 29, 2024
Privacy, Security, and Governance
At Family First (FF), the security and privacy of our users' data are of paramount importance. As a global leader in delivering caregiving services through our cloud-based web and mobile app platform, we recognize the critical responsibility we bear in safeguarding personal health information (PHI). Our approach to security ensures that our users can trust us with their most sensitive data, knowing that we adhere to the highest standards of protection and compliance.
Security Certifications and Compliance
Family First is proud to hold the SOC 2 Type 2 certification, a rigorous standard that evaluates the effectiveness of our security controls over time. This certification demonstrates our commitment to maintaining robust security practices and ensuring the confidentiality, integrity, and availability of our systems and data.
In addition to our SOC 2 Type 2 certification, we fully comply with privacy regulations for protecting PHI data, including:
- Health Insurance Portability and Accountability Act (HIPAA): In the United States, we adhere to the stringent requirements of HIPAA, ensuring that PHI is handled with the utmost care and protected against unauthorized access and breaches.
- Privacy Management: Regulations including the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR) direct our data protection and management strategies while respecting individuals' rights to privacy and data security.
Robust Security Measures
To protect our users' data, Family First employs a multi-layered security strategy that includes:
- Encryption: Data, whether at rest or in transit, is encrypted using industry-standard protocols to prevent unauthorized access and ensure data confidentiality.
- Access Controls: We implement access control measures, ensuring that only authorized personnel can access PHI. Role-based access controls and multi-factor authentication further enhance security.
- Continuous Monitoring: Our security operations center (SOC) continuously monitors our systems for suspicious activity or potential threats. Real-time threat detection and response capabilities allow us to quickly address and mitigate security events and incidents.
- Regular Audits and Assessments: We conduct regular security audits and assessments to identify and address vulnerabilities. Our commitment to continuous improvement ensures that our security posture evolves in response to emerging threats and industry best practices.
- Business Continuity and Disaster Recovery: Family First has business continuity and disaster recovery plans in place to ensure the availability of our services in the event of an unforeseen disruption. These plans include regular data backups, redundancy across critical systems, and detailed procedures for rapid recovery, ensuring that our users experience minimal downtime and uninterrupted access to essential healthcare services.
- Third-Party Risk Management: We rigorously assess and manage risks associated with third-party vendors and business associates. Family First requires third parties with access to our systems or data to adhere to stringent security standards and undergo regular security reviews. Our third-party risk management program includes thorough due diligence, contractual security requirements, and ongoing monitoring to ensure compliance and mitigate potential risks.
User Empowerment and Education
At Family First, we believe that security is a shared responsibility. We empower our users with the knowledge and tools they need to protect their data, including:
- Security Awareness Training: We provide security training for our employees, ensuring they understand the importance of data protection and are equipped to recognize and respond to potential threats.
- User Resources: Our users have access to a wealth of resources, including security tips and best practices, to help them safeguard their accounts and personal information.
Transparency and Trust
We are committed to transparency in our security practices. Users can trust that we are open and honest about how we protect their data and are responsive to questions or concerns they may have. Our dedication to maintaining the highest standards of security and privacy is unwavering, and we continuously strive to earn and maintain the trust of our users.
Family First Environmental Policy and Climate Change Commitment
At Family First, we are committed to operating in a way that prioritizes environmental responsibility and sustainability. As a 100% virtual healthcare organization, our environmental impact is minimal, but we recognize the importance of continuously improving our footprint. We strive to minimize energy consumption through the efficient use of cloud-based technologies and collaborate with partners who share our values for sustainability and environmental stewardship. Our environmental policy is guided by our commitment to reducing our carbon footprint, supporting renewable energy, and mitigating the effects of climate change. This policy outlines our approach to addressing key environmental concerns, including energy efficiency, climate change mitigation, and responsible resource usage.
- Energy Efficiency and Cloud Services: We rely on cloud infrastructure providers that prioritize energy efficiency and use renewable energy sources. We actively monitor and select partners who adhere to stringent environmental standards to reduce the indirect environmental impact of our operations. See Microsoft’s Advance Sustainability, Azure Cloud Sustainability, Microsoft’s Climate Commitment and RingCentral.
- Climate Change Mitigation: We recognize the urgent need to address climate change and are dedicated to minimizing our carbon footprint by reducing energy consumption and promoting virtual collaboration. Our cloud service partners utilize renewable energy sources, aligning with our goal to support low-carbon operations.
- Waste Reduction: As a fully digital organization, we avoid generating physical waste and harmful byproducts. We ensure that our operations do not result in material discharges to air, land, or water.
- Sustainable Practices: We promote sustainable practices within our operations, encouraging remote work, digital communications, and paperless workflows to reduce our overall environmental impact.
Family First is dedicated to maintaining sustainable business practices that align with our values and the expectations of our clients and stakeholders. We continuously assess and improve our environmental policies to ensure we contribute positively to global efforts in addressing climate change. While our operations have a limited direct environmental impact, we remain committed to reducing our footprint by working with responsible partners and adopting best practices in sustainability. This policy will be reviewed regularly to ensure we meet evolving environmental standards and demonstrate our commitment to a healthier planet. We believe that taking proactive steps today will help secure a better tomorrow for future generations.
Conclusion
Family First is dedicated to providing a secure and trusted platform for delivering caregiving services. Our robust security measures, compliance with international regulations, and commitment to continuous improvement ensure that our users' data is always protected. We take our responsibility seriously and are committed to maintaining the highest standards of security and privacy for our users worldwide.
For additional information, see System Description and Controls.