Security at Medicasimple

Guarding Your Data

At Medicasimple, we recognise that the data you entrust to us is absolutely paramount - to you, your practice, and your patients. We, the Medicasimple team, labour relentlessly to shield the confidentiality, security and integrity of your account and associated data. We understand that the safeguarding of your data is the foundation of our success, and we pledge our daily commitment to ensuring that it remains under our vigilant protection.

In this document, we illuminate the detailed protocols we follow to uphold security at Medicasimple.

Secure Data Housing

We are dedicated to ensuring that the hardware within the Medicasimple network is constantly secured. Medicasimple is powered by servers owned and operated by Amazon Web Services (AWS), a renowned industry leader that offers a highly adaptable cloud computing platform, situated within the boundaries of the European Union. AWS offers comprehensive security and privacy features as standard.

Access to these data centres is heavily guarded and rigorously overseen using a variety of physical and digital measures, such as intrusion detection systems, environmental security measures, around-the-clock onsite security personnel, biometric scanning, multi-factor authentication, video surveillance, and more. AWS upholds a strict least-privilege basis for employees' data centre access, which is logged and audited on a regular basis.

AWS possesses a suite of reports, certifications and independent assessments to ensure state-of-the-art data centre security. Further information on AWS's data security can be found here: https://aws.amazon.com/security/ and here: https://aws.amazon.com/compliance/

The team at Medicasimple does not have physical access to our AWS servers. Electronic access to AWS servers and services is granted strictly to a select group of authorised Medicasimple personnel.

Ensuring Data Safety

Password Protection

We ensure that all passwords are filtered from our logs and stored in our database only as one-way hashes produced by the BCrypt algorithm.

Medicasimple staff members are not privy to your password. If you ever forget your password, you'll need to initiate the reset process to regain access to your account.
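The two practices named in this section, keeping plaintext passwords out of log output and storing only a salted one-way hash, as an added example that is not Medicasimple's code. Because BCrypt is not in Python's standard library, the hashing part uses hashlib.scrypt (likewise a salted, one-way, deliberately slow KDF) as a stand-in; the log line, field names and stored-value format are constructed for the demo.

```python
"""Added example (not Medicasimple's code): one-way password storage and
log redaction. hashlib.scrypt stands in for BCrypt here because bcrypt is
a third-party package; the approach (random salt, slow KDF, constant-time
compare, never storing or logging the plaintext) is the same.
"""
import hashlib
import hmac
import logging
import os
import re

# Cost parameters: 128 * n * r bytes of memory (16 MiB here); raise n over time.
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1)


def hash_password(password: str) -> str:
    """Return 'scrypt$<salt-hex>$<hash-hex>' (constructed storage format).

    A fresh random salt per password means two users with the same password
    get different stored values, so precomputed tables are useless.
    """
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, dklen=32, **SCRYPT_PARAMS)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time.

    The plaintext is never stored, so a copy of the database does not
    reveal it; staff can only reset a password, not read it.
    """
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] != "scrypt":
        return False
    _, salt_hex, digest_hex = parts
    candidate = hashlib.scrypt(
        password.encode(), salt=bytes.fromhex(salt_hex), dklen=32, **SCRYPT_PARAMS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Matches key=value or "key": "value" pairs whose key looks like a secret.
_SECRET_RE = re.compile(
    r'(?i)("?(password|passwd|pwd|token|api_key)"?\s*[:=]\s*"?)([^\s,"&}]+)'
)


def redact(message: str) -> str:
    """Replace secret values with [REDACTED] while leaving the key visible."""
    return _SECRET_RE.sub(r"\1[REDACTED]", message)


class RedactSecretsFilter(logging.Filter):
    """logging.Filter that rewrites the message before any handler sees it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored))  # True
    print(verify_password("wrong", stored))  # False

    logger = logging.getLogger("login")
    logger.addFilter(RedactSecretsFilter())
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    # Constructed sample log line: the password value must not reach the log.
    logger.info("login attempt user=alice password=hunter2 ip=203.0.113.7")
    # prints: login attempt user=alice password=[REDACTED] ip=203.0.113.7
```

Attach the filter to the logger (or handler) nearest the code that handles credentials; a filter on a child logger does not apply to records emitted elsewhere, so the safest pattern is to attach it to every handler that writes to disk or a log service.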

Credentials for Third-Party Services

Accessing third-party services may require credentials such as passwords, OAuth tokens, and API keys. These are also encrypted and safely stored in our database. At any time, you can completely rescind Medicasimple's access to a service.

Data Duplication and Backup

We go to lengths to ensure all practice data is duplicated and frequently backed up.

Securing Applications, Systems and Software

We have instated robust encryption via TLS across our application, helping to significantly reduce the risk of someone intercepting sensitive information such as username-password combinations.

We adhere to the best practices of the industry to patch potential gaps in the security policy of our application and the underlying systems, and to thwart common web attack vectors.

Medicasimple also maintains a robust application audit log to document security events, such as user logins and data modifications.

By ensuring that our software and its dependencies are always up to date, we can mitigate potential security vulnerabilities. We employ a broad spectrum of monitoring solutions to ward off and eliminate threats to the site.

Communication Security

All communication within the Medicasimple application is encrypted over 256-bit SSL - the same grade of encryption used by banks and financial institutions - ensuring that it cannot be intercepted by a third party.

Security and Privacy Features of Medicasimple

The behaviour of its users often poses the greatest security risk to any system. We equip you with the tools needed to protect your own data. The security features within Medicasimple have been meticulously designed with stringent, enterprise-level security requirements in mind.

User Account Security

We offer a role-based administration system for user accounts. There are five roles available within Medicasimple.

IP Address Authorization

Your Medicasimple account can be locked down to a pre-approved list of IP addresses. Any attempt to access Medicasimple from an unauthorised IP address will be rejected. We only suggest using this added security feature if your practice has a static IP address. You can find more details on how to enable it here.
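A server-side check of the kind this feature describes, as an added example that is not Medicasimple's code: a per-account allowlist of addresses or CIDR ranges, evaluated against the client's connection address. The allowlist entries and client addresses below are constructed documentation ranges; the assumptions are that an empty allowlist means the feature is switched off for that account, that the client address comes from the connection (or from a header set by your own trusted proxy), and that IPv4 clients on a dual-stack listener may appear as IPv4-mapped IPv6 addresses.

```python
"""Added example (not Medicasimple's code): enforcing a per-account IP
allowlist. Fails closed on anything that cannot be parsed.
"""
import ipaddress
from typing import Iterable, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_allowlist(entries: Iterable[str]) -> List[Network]:
    """Accept single addresses ('203.0.113.7') or CIDR ranges ('198.51.100.0/24').

    strict=False normalises an entry such as 198.51.100.5/24 to its network
    instead of rejecting it; blank entries are skipped.
    """
    return [
        ipaddress.ip_network(entry.strip(), strict=False)
        for entry in entries
        if entry.strip()
    ]


def ip_allowed(client_ip: str, allowlist: List[Network]) -> bool:
    """Return True if the request may proceed.

    - Empty allowlist: the feature is not enabled for this account, allow.
    - Unparsable client address: fail closed, deny.
    - IPv4-mapped IPv6 (::ffff:a.b.c.d): compare as the embedded IPv4 address,
      otherwise an IPv4 allowlist would reject IPv4 clients on dual-stack hosts.
    """
    if not allowlist:
        return True
    try:
        addr = ipaddress.ip_address(client_ip.strip())
    except ValueError:
        return False
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in allowlist)


if __name__ == "__main__":
    # Constructed allowlist for one account: the practice's static address
    # plus a documentation range standing in for a branch office.
    account_allowlist = parse_allowlist(["203.0.113.7", "198.51.100.0/24"])
    for ip in ["203.0.113.7", "198.51.100.200", "192.0.2.1", "::ffff:203.0.113.7", "x"]:
        verdict = "allow" if ip_allowed(ip, account_allowlist) else "reject"
        print(f"{ip:>20} -> {verdict}")
```

The caveat in the text about static addresses follows directly from the logic: if the practice's public address changes, every login is rejected until an administrator updates the list from an allowed address, so the feature should only be enabled where the address is fixed, and rejected attempts should be written to the audit log so a lockout is visible.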

Staff Access and Security Protocols

We treat your data stored within Medicasimple as strictly confidential to your practice and patients.

Our production environment is entirely isolated from other environments, such as development and testing. Medicasimple employees are granted access to systems and data based on their role in the company or on an as-needed basis.

Medicasimple staff can only access your data to assist with support, resolve customer issues, and as stated in our terms of service. When resolving a support issue, we strive to respect your privacy, accessing the bare minimum data needed to address your concern. You can prohibit Medicasimple support employees from accessing your data by disabling support access from your account settings.

Security Maintenance

Medicasimple adheres to industry best practices for design and development. We rigorously test new features to eliminate potential attacks like CSRF, XSS, SQLi, and more.

As the cyber threat landscape evolves, we continue to upgrade our security policies. Our engineering team consistently oversees ongoing security, performance, and availability. We subscribe to all relevant security bulletins to promptly address any security issues in the software we use.

Privacy and Data Protection

All services used in Medicasimple comply with the Information Commissioner's Office (ICO) requirements for EU data protection.

Your Medicasimple terms of service agreement upholds the confidentiality of your practice data. As stated in the agreement, you retain full ownership of any data uploaded to Medicasimple.

System Availability

Medicasimple guarantees a high level of system availability due to our robust infrastructure. We maintain transparency with availability and report all incidents on our status page.

Report a security vulnerability

If you find a potential security flaw in Medicasimple, we urge you to contact us without delay. We will investigate all credible reports and rectify any issues immediately. You can responsibly submit potential security vulnerabilities to security@medicasimple.com by following the guide below.

Reporting

Share the details of any suspected vulnerabilities with Medicasimple's Security Team by emailing us at security@medicasimple.com.

Please do not publicly disclose these details without explicit written consent from Medicasimple. When reporting any suspected vulnerabilities, please include:

  • Detailed vulnerability information, with steps to reproduce the issue
  • Your email address

Our Commitment

If you identify a verified security vulnerability in line with our Responsible Disclosure Policy, we commit to:

  • Acknowledge receipt of your vulnerability report promptly
  • Provide an estimated timeline for the vulnerability resolution
  • Notify you when the vulnerability has been resolved.