General

Our Commitment to Data Privacy and Security: Berry Achieves HIPAA Compliance

Jennifer Klepper

3 min read

We built Berry to provide the best information and tools fertility patients need in order to be informed and effective self-advocates during treatment. Supporting patients also means protecting their private health data. To that end, we are pleased to have obtained a HIPAA compliance report from Prescient Assurance, a leader in security and compliance attestation for B2B, SAAS companies worldwide, confirming that Berry manages data with the highest standard of security and compliance.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. These standards take the form of regulations surrounding both privacy and security.

When patients and providers work with Berry, they can expect a team dedicated to making Berry the model of how a health app should handle patient information. In an era where digital health services are transforming the healthcare landscape, building tools with privacy and security-first principles in mind is more important than ever. We make a commitment to our customers to be transparent in matters regarding data privacy and to treat their data as if it were our own. 

As a HIPAA-compliant solution provider, Berry can sign Business Associate Agreements and enter into partnerships with healthcare providers, electronic health records companies, and health plans to make it easier than ever for patients to monitor and manage their fertility treatment.

From the very beginning, privacy and security have been a priority for Berry. With expertise in security, legal compliance, and medicine, our team has built Berry’s systems from the ground up to meet HIPAA’s stringent requirements for safeguarding personal health information.

Prescient Assurance Badge of HIPAA Compliance

Achieving HIPAA compliance is not easy. But when you have a strong engineering team, a dedicated staff, and good partnerships, it becomes embedded in your process.

  • Technical systems. Our engineering team has designed and implemented Berry products with security-first architectures in mind, including safeguards like encryption technology, backup and disaster recovery procedures, access control policies, and data log monitoring — in many cases going beyond HIPAA requirements in order to achieve a higher level of security.

  • Policies and training. We have company-wide policies and regular employee training focused on privacy and security to ensure an educated staff that understands not just the parameters of compliance but why it’s critical for the people who rely on and trust Berry. 

  • Outside monitoring. We work with Drata, a security and compliance automation platform that continuously monitors and collects evidence of our security controls.

One compliance audit doesn’t mean we’re done: privacy and security are an ongoing part of our business. As Berry grows, we’re committed to monitoring and improving our systems and processes and will continue to engage with independent examiners to verify our efforts. After all, being a good healthcare partner means protecting what matters most: the patient.


To learn more about working with Berry, contact us.