DoseMe is committed to maintaining the integrity and security of hospital and patient data. As DoseMeRX and DoseMe (hereafter DoseMe) are a cloud-based offering, we outline here the implications and the steps taken to ensure that any data stored in DoseMe remains secure, and that personal health information remains private.
DoseMe considers all patient data entered by customers to be owned by these customers, and/or the patient themselves where applicable. DoseMe does license back the use of de-identified patient data entered, so that:
DoseMe will generate reports, as well as export data for use in research or otherwise as determined by the owner of the data.
DoseMe considers maintaining the confidentiality of patient data to be of paramount importance. DoseMe has accordingly taken steps regarding ownership of data and the security of data transmission and storage. We detail these steps below in the section “Practical Data Security and DoseMe”.
DoseMe also complies with the EU General Data Protection Regulation (GDPR), 2016/679.
In order to comply with these laws and directives, DoseMe is committed to storing data in the jurisdiction in which it is owned. For Europe, all data is stored in Microsoft Azure datacentres held within the EU.
DoseMe uses a 2048-bit SSL certificate, issued by Comodo’s Certificate Authority. This is the same strength encryption as banks use. SSL certificates issued by a Certificate Authority provide two main benefits:
DoseMe also regularly benchmarks the performance of its encryption against current best practices to ensure that any changes in best practice (e.g. disabling SSL 3.0) are rapidly applied. At the time of writing, DoseMe achieved an “A” grade for security from the industry-standard SSL grading site, SSL Labs.
All communication to and from our mobile devices is encrypted, and the endpoint to which the DoseMe App communicates is verified as being owned by DoseMe.
Any data cached on the device for the purposes of displaying and using DoseMe is encrypted.
All web access to DoseMe occurs over secured (via SSL) channels only. This can be verified by the presence of the padlock in your web browser. All content, whether patient-identifying data or the DoseMe logo, is transmitted over encrypted channels.
DoseMe uses Microsoft Azure (Azure) as its hosting service. Using Azure provides several benefits, including:
Azure has multiple sites across the world, giving DoseMe the ability to store data in the same legal jurisdiction as where it has been generated. Azure is used by a wide range of leading hospitals and health services, including NHS England and Dartmouth-Hitchcock Medical Center.
Azure is compliant and audited to relevant quality, data security, and healthcare standards. These include:
Azure is regularly audited to these standards, and can provide further information upon request.
For enterprise customers who have an absolute requirement of local, on-premise storage of patient data, DoseMe could deploy either a hybrid-cloud or a fully in-house deployment. DoseMe, however, recommends against this style of deployment, as Microsoft Azure typically provides both a high-availability and a significantly higher security hosting environment than most corporate datacentres.
DoseMe also uses local physical infrastructure, hosted in Brisbane, Australia for development purposes and availability monitoring. No identifiable patient data is transferred to or from this facility.
No patient data is ever stored on-premise.
DoseMe has been designed with the ability to apply role-based access rules governing who can access which patients and which features within DoseMe. These rules are typically developed in conjunction with customers to suit their business requirements.
As part of DoseMe’s medical device accreditation, DoseMe is committed to continually reviewing and maintaining the systems that DoseMe has in place. These include standard schedules for server and software maintenance, and the regular review of these procedures.
If you have any further questions, queries, or would like any clarification, please contact us.