DigitalRX.io

At DigitalRX.io, Security is our Top Priority.

Key Areas of Focus:

1. Encryption at Rest

Data at rest is encrypted with AES-256.

2. Encryption in Transit

TLS encryption for data in transit to protect data during transmission.

3. Role-Based Access Control (RBAC)

Implemented RBAC mechanisms to restrict access to customer health data.

4. User Authentication

Implemented Multi-Factor Authentication (MFA) and strong password policies.

5. Privacy by Design and Default

Implemented encryption, data minimization, access controls, and user privacy options.

6. Secure Protocols and APIs

Use of secure protocols and APIs, such as HTTPS, for data transmission.

7. Cybersecurity Practices

Prevention of intrusions and prompt response to issues.

Health Insurance Portability and Accountability Act (HIPAA) Compliance

Data Encryption

Our platform uses AES-256 encryption for data at rest to protect patient information from unauthorized access or breaches.

✅ No Action Required

TLS Encryption for Data in Transit

We utilize TLS encryption for data in transit to protect data during transmission between users and servers.

✅ No Action Required

Access Only to Authorized Users

Only authorized users can access sensitive data. You can manage access rights for your patient data through your admin portal, ensuring users only view or edit data they are permitted to access.

⚠️ Your Action Required

Business Associate Agreement (BAA)

We provide you with a ready-to-sign BAA, ensuring compliance and safeguarding sensitive details.

No Action Needed

Data Processors and Data Controllers

DigitalRX.io acts as the data processor, while you are the data controller, giving you control over how data is processed.

No Action Needed

Data Backup and Recovery

We provide mechanisms for regular data backups and ensure that there are recovery processes in place in case of data loss or system failures.

No Action Needed

Employee Training

You must provide comprehensive HIPAA training to all your employees on a regular basis. Ensure your staff are aware of their responsibilities in safeguarding PHI.

⚠️ Your Action Required

Consent for Data Processing

While we provide compliance support, it’s essential for you to secure explicit consent from your patients to store and process their data. We provide tools to facilitate this process.

⚠️ Your Action Required

Data Protection Officer

DigitalRX.io has appointed a Data Protection Officer (DPO) who handles inquiries from your clients regarding the processing of their personal data.

No Action Needed

Secure Email and SMS Communication

We offer secure messaging systems both on the website and app, but you must ensure that you do not share PHI in your messages.

⚠️ Your Action Required

Risk Analysis

While we assist with risk assessments, you must conduct regular privacy and security risk assessments. Our team can support you in this process.

⚠️ Your Action Required

Third Party Integrations

You must ensure all third-party integrations are compliant with HIPAA standards and establish data processing agreements where necessary.

⚠️ Your Action Required

General Data Protection Regulation (GDPR) Compliance

Data Protection Impact Assessment (DPIA)

Under GDPR, a Data Protection Impact Assessment (DPIA) is mandatory. As a data controller, you must conduct this assessment, detailing technologies used for handling personal data, assessing client risks, and specifying security measures for data storage.

⚠️ Your Action Required

Data Portability and “Right to be Forgotten”

We support data portability and the right to be forgotten, ensuring your patients’ data can be transferred or deleted upon request.

No Action Needed

Data Breach Notification Requirement

Under GDPR, you must promptly inform the Danish Data Protection Agency of any data breach we report within 72 hours. We assist with the technical aspects of the notification.

⚠️ Your Action Required

Documentation of Compliance

Maintain documentation of compliance with data protection regulations. Notify us promptly of any data breaches to ensure timely and appropriate responses.

⚠️ Your Action Required

Privacy by Design and Default

We have integrated privacy by design and default principles into our platform to protect patient data. This includes implementing encryption, data minimization, access controls, and user privacy options to ensure compliance with GDPR regulations and build trust with users.

No Action Needed

Data Protection Officer

DigitalRX.io has appointed a Data Protection Officer (DPO) who handles inquiries from your clients regarding the processing of their personal data.

No Action Needed

Consent for Data Processing

While we provide compliance support, it’s essential for you to secure explicit consent from your patients to store and process their data. We provide tools to facilitate this process.

⚠️ Your Action Required

DISHA Compliance

Electronic Health Record (EHR) Standards

We ensure that our platform supports compliance with DISHA requirements for maintaining electronic health records.

✅ No Action Needed

Protected Health Information (PHI) Encryption

We have implemented AES-256 encryption for data at rest to secure stored patient health data as per DISHA regulations.

✅ No Action Needed

TLS (Transport Layer Security) Encryption for Data in Transit

We utilize TLS encryption for data in transit to protect data during transmission between users and servers, aligning with DISHA requirements.

✅ No Action Required

Role-Based Access Control (RBAC) Mechanisms

We have implemented RBAC mechanisms to restrict access to patient health data based on user roles and responsibilities, in line with DISHA guidelines.

✅ No Action Required

Consent Management for Data Sharing

While we provide compliance support, it’s essential for you to secure explicit consent from your patients to store and process their data. We provide tools to facilitate this process.

⚠️ Your Action Required

User Authentication and Access Controls

We have implemented user authentication mechanisms, such as multi-factor authentication (MFA) and strong password policies, to verify user identities securely and ensure that only authorized personnel can access sensitive information.

✅ No Action Required

Data Privacy Policies and Transparency

You must ensure transparency and clarity in data privacy policies for your patients and stakeholders, meeting DISHA compliance standards.

⚠️ Your Action Required

Secure Protocols and APIs

We utilize secure protocols and APIs, such as HTTPS, for data transmission to ensure data security during transit as per DISHA regulations.

✅ No Action Required

Security You Can Trust

At DigitalRX.io, we are committed to protecting your privacy and ensuring the highest standards of data security. Your trust in us is our top priority. We understand just how important cybersecurity is in healthcare, which is why we’ve taken a unique approach to safeguarding your data.