Security without compromise.
We take system and information security extremely seriously at GoDoctor, and we’ve put in place policies, processes, and procedures to ensure the confidentiality, integrity, and availability of all data in our hands.
Cloud Security
Run your practice with the assurance that your data is safe. All GoDoctor applications, information, and records are saved in our managed cloud environment, allowing you greater flexibility and security than is achievable with application service providers (ASP) and on-premises client-server software programmes. All of our systems are thoroughly examined and protected using the highest levels of security and encryption.
Multi-factor Authentication
Traditionally, technology businesses have used a “username and password” to control internet access to data and applications, which can make users easy victims for attackers. Logins can be compromised in minutes in today’s Internet world, putting your personal, patient, and financial data at risk.
GoDoctor provides free MFA (multi-factor authentication) or 2FA (two-factor authentication) as a service. It adds an extra layer of security to your login verification, working in conjunction with your username and password by requiring a second security code that only you can access (such as a code received in your email account). MFA is available throughout our whole technology portfolio via a variety of delivery methods, including SMS (text message), email, and an authenticator app.
Information Security Management
GoDoctor has an information security management programme that generally follows ISO 27001 requirements. This programme uses a multidisciplinary risk management strategy to improve our security posture over time. GoDoctor products, business processes, and technical infrastructure all have numerous layers of security.
Annual Risk Assessment
Risk assessments of the GoDoctor infrastructure, business processes, and other locations where ePHI could be released are performed at least once a year. The results of such evaluations are used to make risk management decisions about how to reduce risk to a manageable level. Risk assessment approaches concentrate on areas of business and technological operations where ePHI could be exposed to unauthorised access, disclosure, destruction, or other breaches of confidentiality, integrity, or availability.
The data from risk assessments are then sorted and categorised according to the level of risk. Risk is determined from the information acquired and the decisions made by examining the likelihood of a threat and its resulting consequences. Findings are then categorised into risk concerns, which are documented and tracked until an acceptable solution is found.
Security Program Overview
Dedicated security and privacy officers are in charge of security. A cross-departmental compliance committee meets on a regular basis to ensure that all applicable laws and regulations (such as HIPAA/HITECH and Meaningful Use) are followed. HIPAA policies and procedures are documented. We require HIPAA and security awareness training for all employees.
Technical Safeguards
Our systems are protected by numerous layers of technical safeguards: hardened network and operating systems, DMZs (multi-tiered firewalls and routers), intrusion detection systems (IDS), deep packet inspection (DPI) technologies, system policy and configuration management solutions, data loss prevention (DLP) technologies, secure, encrypted electronic communications, access, utilisation, audit and event monitoring, logging and trend correlation, and encryption.
Information Security Incident Management
Critical incident response protocols, escalations based on the classification or severity of the issue, incident contact lists, and root cause analysis and remediation plans are all part of our information security incident management solutions.
Business Continuity & Disaster Recovery
Electronic hourly backups of all client data to offsite locations, backup verifications to ensure the integrity and recoverability of backup data, server clustering, and redundant systems to the extent possible, detailed business impact analysis and recovery strategies, crisis and incident command structures, and BCP and DR plan testing are all part of GoDoctor’s business continuity and disaster recovery programs.