Name | Security accreditations | Nature & Purpose | Geographical Location | Encryption at rest | GDPR Compliant | Stores personal data | Stores special category data | Person / team who can view data | Encryption in transit |
---|---|---|---|---|---|---|---|---|---|
Microsoft Azure | ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3, FedRAMP, HITRUST, MTCS, IRAP, and ENS. | Healthtech 1 controls access to the infrastructure that we use to store and process the data on the platform. We use Microsoft Azure's secure cloud hosting service to securely store and process patient data. The Azure regions used are exclusively located in the UK, for live, test and backup environments. | UK 🇬🇧 | Yes ✅ AES-256 | Yes | | | For Microsoft’s Online Services (e.g. Office 365, Azure, Dynamics), normal operations are managed without access by Microsoft personnel. In some cases, support, troubleshooting, or service maintenance requirements (triggered by Healthtech 1) may require Microsoft personnel to access the customer’s data. | Yes ✅ TLS 1.2 |
Twilio | ISO/IEC 27001, ISO/IEC 27017 & 27018, SOC 2 Type 2, PCI DSS Level 1 and PCI DSS Level 4. | Healthtech 1 enables users to send SMS messages to patients. We use third-party gateways for the delivery of those SMS messages. They provide APIs that the Healthtech 1 server uses to send these messages. We don’t deliberately store data in this location, but through processing of data and sending text messages, Twilio keeps logs for 30 days. | US 🇺🇸 | Yes ✅ AES-256 | Yes, Data Processing Addendum | | | We do not provide such granular detail on the information requested for security reasons. You can learn more about Twilio's GDPR compliance at https://www.twilio.com/gdpr, or view our Data Protection Addendum, https://www.twilio.com/legal/data-protection-addendum, or Privacy Notice https://www.twilio.com/legal/privacy#when-and-why-we-share-your-personal-information-or-your-end-users-personal-information for additional information. | Yes ✅ TLS 1.2 |
Customer.io | | Customer.io is an email campaign service provider used within Healthtech 1 to communicate with patients on behalf of practices. | Belgium 🇧🇪 | Yes ✅ HTTPS, encrypted at rest | Yes, Data Processing Addendum | | | Customer.io employees cannot access your account, workspaces, or the data you store in Customer.io | Yes ✅ 128-bit SSL, HTTPS |
Postmark | | Postmark is an email delivery service provider used within Healthtech 1 to send notification emails to practices. | US 🇺🇸 | Yes ✅ 2048-bit RSA | Yes, Data Processing Addendum | | | Access control: We restrict access to personal data only to our employees, contractors, and agents who need to know this information in order to operate, develop, or improve our service. Only a select few have access to the servers where data is stored. We go to great lengths to ensure the right balance between support and secure infrastructure. Employees can only access accounts if they have explicit permission from an account owner or the account is in review for compliance with the Postmark Terms of Use. The only teams that have access are customer support and engineering. | Yes ✅ 256-bit SSL |