DigitalPharmacy.io’s Commitment to Data Security & Privacy
As a pharmacist or a health store owner, you handle sensitive customer data. To support you in maintaining compliance with data protection regulations such as HIPAA, GDPR, and DISHA, we follow stringent guidelines and provide the necessary tools and agreements.
Key Areas of Focus:
1. Encryption at Rest
Data at rest is encrypted with AES-256.
2. Encryption in Transit
Data in transit is protected with TLS encryption during transmission.
3. Role-Based Access Control (RBAC)
Implemented RBAC mechanisms to restrict access to customer health data.
4. Privacy by Design and Default
Implemented encryption, data minimization, access controls, and user privacy options.
5. Secure Protocols and APIs
Use of secure protocols and APIs, such as HTTPS, for data transmission.
6. Cybersecurity Practices
Prevention of intrusions and prompt response to issues.
Health Insurance Portability and Accountability Act (HIPAA) Compliance
Data Encryption
Data at rest on our platform is encrypted with AES-256 to protect patient information from unauthorized access or breaches.
✅ No Action Required
TLS Encryption for Data in Transit
We utilize TLS encryption for data in transit to protect data during transmission between users and servers.
✅ No Action Required
Access Only to Authorized Users
Only authorized users can access sensitive data. You can manage access rights for your pharmacy staff through your admin portal, ensuring they only view or edit data they are permitted to access.
⚠️ Your Action Required
Business Associate Agreement (BAA)
We provide you with a ready-to-sign BAA, ensuring compliance and safeguarding sensitive details.
✅ No Action Needed
Data Processors and Data Controllers
DigitalPharmacy.io acts as the data processor, while you are the data controller, giving you control over how data is processed.
✅ No Action Needed
Data Backup and Recovery
We provide mechanisms for regular data backups and ensure recovery processes are in place in case of data loss or system failures.
✅ No Action Needed
Employee Training
You must provide comprehensive HIPAA training to all your employees on a regular basis. Ensure your staff are aware of their responsibilities in safeguarding PHI.
⚠️ Your Action Required
Data Protection Officer
DigitalPharmacy.io has appointed a Data Protection Officer (DPO) who handles inquiries from your clients regarding processing their personal data.
✅ No Action Needed
Secure Email and SMS Communication
We offer secure messaging systems both on the website and app, but you must ensure that you do not share PHI in your messages.
⚠️ Your Action Required
Risk Analysis
While we assist with risk assessments, you must conduct regular privacy and security risk assessments. Our team can support you in this process.
⚠️ Your Action Required
Third Party Integrations
You must ensure all third-party integrations are compliant with HIPAA standards and establish data processing agreements where necessary.
⚠️ Your Action Required
General Data Protection Regulation (GDPR) Compliance
Data Protection Impact Assessment (DPIA)
Under GDPR, a Data Protection Impact Assessment (DPIA) is mandatory. As a data controller, you must conduct this assessment, detailing technologies used for handling personal data, assessing client risks, and specifying security measures for data storage.
⚠️ Your Action Required
Data Portability and “Right to be Forgotten”
We support data portability and the right to be forgotten, ensuring your patients’ data can be transferred or deleted upon request.
✅ No Action Needed
Data Breach Notification Requirement
Under GDPR, you must promptly inform the relevant supervisory authority within 72 hours of any data breaches. We assist with the technical aspects of the notification.
⚠️ Your Action Required
Documentation of Compliance
Maintain documentation of compliance with data protection regulations. Notify us promptly of any data breaches to ensure timely and appropriate responses.
⚠️ Your Action Required
Privacy by Design and Default
We have integrated privacy by design and default principles into our platform to protect patient data. This includes implementing encryption, data minimization, access controls, and user privacy options to ensure compliance with GDPR and build trust with users.
✅ No Action Needed
Data Protection Officer
DigitalPharmacy.io has appointed a Data Protection Officer (DPO) who handles inquiries from your clients regarding processing their personal data.
✅ No Action Needed
Third Party Integrations
You must ensure all third-party integrations are compliant with GDPR standards and establish data processing agreements where necessary.
⚠️ Your Action Required
DISHA Compliance
Customer Health Data
We ensure that our platform supports compliance with DISHA requirements for maintaining Customer Health Data.
✅ No Action Needed
Protected Health Information (PHI) Encryption
We have implemented AES-256 encryption for data at rest to secure stored customer health data.
✅ No Action Needed
Role-Based Access Control (RBAC) Mechanisms
We have implemented RBAC mechanisms to restrict access to customer health data based on user roles and responsibilities.
✅ No Action Required
Data Privacy Policies and Transparency
You must ensure transparency and clarity in data privacy policies for your customers and stakeholders, meeting DISHA compliance standards.
⚠️ Your Action Required
Secure Protocols and APIs
We utilize secure protocols and APIs, such as HTTPS, for data transmission to ensure data security during transit.
✅ No Action Required
Access Only to Authorized Users
Only authorized users can access sensitive data. You can manage access rights for your pharmacy staff through your admin portal, ensuring they only view or edit data they are permitted to access.
⚠️ Your Action Required
TLS (Transport Layer Security) Encryption for Data in Transit
We utilize TLS encryption for data in transit to protect data during transmission between users and servers.
✅ No Action Required
Security You Can Trust
At DigitalPharmacy.io, we are committed to protecting your privacy and ensuring the highest standards of data security. Your trust in us is our top priority. We understand just how important cybersecurity is in healthcare, which is why we’ve taken a unique approach to safeguarding your data.