MOVO-X is engineered to meet the data-protection requirements of every market we serve. This page is the source of truth for what regimes we cover, how we cover them, and what documentation is available for procurement and audit.
Information security management. Architectural alignment with all 114 controls. External certification target on enterprise tier.
Security, Availability, Confidentiality, Processing Integrity, Privacy. Report cadence: annual on enterprise tier.
FHIR-compatible APIs for clinical data exchange. Patient, Encounter, Observation, Practitioner, MedicationRequest resources.
Clinical coding for diagnoses, procedures, and clinical findings — required for regulator reporting in most jurisdictions.
Aligned to WHO Digital Adaptation Kit and Digital Health Atlas registration framework.
AI deployments follow OECD Principles for Trustworthy AI: human oversight, fairness, transparency, accountability.
Architecture forward-compatible with EU AI Act high-risk-AI requirements; risk classification documented per AI feature.
Identify · Protect · Detect · Respond · Recover. Operational practices map to NIST CSF subcategories.
The following list is non-exhaustive — full mapping to specific clauses is provided per-deployment as part of any RFP response. Where a regime requires in-country data residency, that option is available; where adequacy decisions are pending, our cross-border posture is documented and signed off by counsel.
| Region | Regime | Scope | Authority | MOVO-X posture |
|---|---|---|---|---|
| Europe (EU) | EU GDPR (Regulation 2016/679) | All 27 EU member states | European Data Protection Board | Full alignment — DPA template available, sub-processor list maintained, breach notification within 72h. |
| Europe (EEA) | EEA Privacy Frameworks | EEA non-EU members | Iceland · Liechtenstein · Norway DPAs | Mirror EU GDPR posture under EEA agreement. |
| United Kingdom | UK GDPR + Data Protection Act 2018 | England, Scotland, Wales, Northern Ireland | Information Commissioner's Office (ICO) | Full alignment, including UK ICO breach reporting and ROPA. |
| Switzerland | Swiss FADP (revised 2023) | Switzerland | Federal Data Protection Commissioner | Compliant. Cross-border data transfer assessment available. |
| United States | HIPAA Security & Privacy Rules | Protected Health Information for US healthcare operators | HHS Office for Civil Rights | BAA-eligible. Encryption, access logs, audit trail align with HIPAA technical safeguards. |
| United States | CCPA / CPRA (+ state laws) | California, Virginia, Colorado, Utah, Connecticut, others | California Privacy Protection Agency | Compliant. Data subject access, deletion, and opt-out endpoints available. |
| Canada | PIPEDA + Quebec Law 25 + provincial PIPAs | Federally regulated entities and provinces | Office of the Privacy Commissioner of Canada | PIPEDA-aligned. Quebec Law 25 cross-border posture documented. |
| Brazil | LGPD (Lei nº 13.709/2018) | Brazilian residents | Autoridade Nacional de Proteção de Dados (ANPD) | Compliant. Brazilian data residency available; data-subject rights tooling integrated. |
| Mexico | LFPDPPP (Federal Law) | Personal data held by private parties | INAI | Compliant. Privacy notice template per LFPDPPP form. |
| Argentina | Ley 25.326 (Personal Data Protection) | Argentine residents | Agencia de Acceso a la Información Pública | Compliant. Adequate-country posture maintained for EU transfer compatibility. |
| Singapore | PDPA 2012 (Singapore) | Personal data of individuals in Singapore | Personal Data Protection Commission | Compliant. PDPC notification and consent forms integrated. |
| Malaysia | Personal Data Protection Act 2010 | Personal data processed for commercial transactions in Malaysia | Department of Personal Data Protection (JPDP) | Compliant. JPDP registration completed for the data-user category. |
| Thailand | PDPA 2019 (Thailand) | Thai residents | Personal Data Protection Committee (PDPC TH) | Compliant. Thai data-residency option available for in-country deployments. |
| Indonesia | UU PDP 2022 | Indonesian residents | Ministry of Communication and Informatics (Kominfo) | Compliant. Indonesian data-residency available; breach-notification flow integrated. |
| Philippines | Data Privacy Act 2012 (RA 10173) | Personal information in the Philippines | National Privacy Commission | Compliant. NPC registration and DPO appointment supported. |
| Vietnam | Decree 13/2023/ND-CP | Vietnamese residents | Ministry of Public Security | Compliant. Cross-border data-transfer assessment available. |
| India | DPDP Act 2023 | Digital personal data of Indian residents | Data Protection Board of India | Compliant. Significant Data Fiduciary obligations supported where applicable. |
| Japan | APPI (Act on Protection of Personal Information) | Japanese residents | Personal Information Protection Commission (PPC) | Compliant. APPI-compliant cross-border transfer agreement in place. |
| South Korea | PIPA (Personal Information Protection Act) | Korean residents | Personal Information Protection Commission | Compliant. PIPA cross-border safeguards documented. |
| China | PIPL 2021 | Personal information processed in China | Cyberspace Administration of China | Compliant. Mainland data-residency required; cross-border transfer requires CAC approval. |
| Taiwan | PDPA Taiwan (Revised 2023) | Taiwan residents | Personal Data Protection Commission | Compliant. Taiwan data-residency option available. |
| Hong Kong | PDPO Cap. 486 | Hong Kong personal data | Office of the Privacy Commissioner for Personal Data | Compliant. Data User Code of Practice for Healthcare followed. |
| Australia | Privacy Act 1988 + Australian Privacy Principles | Australian Privacy Principles entities | Office of the Australian Information Commissioner | Compliant. APP-aligned data handling; eHealth Records Act provisions where applicable. |
| New Zealand | Privacy Act 2020 | New Zealand residents | Office of the Privacy Commissioner | Compliant. Health Information Privacy Code 2020 alignment for clinical deployments. |
| UAE | UAE Federal PDPL 2021 + DIFC Data Protection Law | UAE Federal + DIFC zone | UAE Data Office · DIFC Commissioner | Compliant under both regimes. UAE-region cloud option for sensitive deployments. |
| Saudi Arabia | PDPL 2021 + NCA Cybersecurity Framework | Personal data processed in KSA | Saudi Data and AI Authority (SDAIA) | Compliant. NCA-aligned cybersecurity controls; in-Kingdom hosting available. |
| Qatar | Law No. 13 of 2016 on Personal Data Privacy | Qatar residents | Compliance and Data Protection Department | Compliant. |
| Bahrain | PDPL 30/2018 | Bahrain residents | Personal Data Protection Authority | Compliant. |
| Oman | PDPL 2022 (Oman) | Oman residents | Ministry of Transport, Communications and IT | Compliant. |
| Israel | Privacy Protection Law 5741-1981 (amended 2024) | Israeli residents | Privacy Protection Authority | Compliant. Adequacy-country posture maintained for EU transfer. |
| Turkey | KVKK – Law No. 6698 | Turkish residents | Personal Data Protection Authority (KVKK) | Compliant. VERBIS registration supported. |
| South Africa | POPIA 2013 | South African data subjects | Information Regulator (POPIA) | Compliant. Information Officer designation supported. |
| Nigeria | Nigeria Data Protection Act 2023 | Nigerian residents | Nigeria Data Protection Commission | Compliant. |
| Kenya | Data Protection Act 2019 | Kenyan residents | Office of the Data Protection Commissioner | Compliant. ODPC registration supported. |
| Ghana | Data Protection Act 2012 (Act 843) | Ghanaian residents | Data Protection Commission | Compliant. |
| Egypt | PDPL 151/2020 | Egyptian residents | Egyptian Personal Data Protection Centre | Compliant. |
| Russia | Federal Law 152-FZ | Russian residents | Roskomnadzor | In-Russia data-residency required for citizen personal data; available on request. |
| Other 130+ jurisdictions | International privacy standards | Constitutional privacy + sectoral rules | National DPAs | ISO 27001 + GDPR-equivalent practices applied as a defensible global floor. |
GDPR Article 28-compliant DPA template, executable as standalone or annexed to MSA.
Live list of every sub-processor with region, purpose, and compliance certifications. Email subscription for updates.
Encryption, access controls, audit logging, incident response, BCP/DRP — under NDA.
Annual third-party penetration test executive summary. Full report under NDA.
EU SCCs (2021), UK IDTA + addendum, ASEAN MCCs where applicable.
Records of Processing Activities template pre-populated for typical clinic / hospital deployment.
Per-jurisdiction patient-facing privacy notice templates in local language.
Documented incident-response runbook with regulator-notification timelines.
Per-control mapping with implementation evidence.
Hospital networks, ministries, and enterprise health systems run multi-stakeholder compliance reviews. Our team supplies whatever documentation your auditors need — usually within 5 business days of NDA execution.