Security at Medicasimple

Guarding Your Data

At Medicasimple, we recognise that the data you entrust to us is absolutely paramount - to you, your practice, and your patients. We, the Medicasimple team, labour relentlessly to shield the confidentiality, security and integrity of your account and associated data. We understand that the safeguarding of your data is the foundation of our success, and we pledge our daily commitment to ensuring that it remains under our vigilant protection.

In this document, we illuminate the detailed protocols we follow to uphold security at Medicasimple.

Secure Data Housing

We are dedicated to ensuring that the hardware within the Medicasimple network is constantly secured. Medicasimple is powered by servers owned and operated by Amazon Web Services (AWS), a renowned industry leader that offers a highly adaptable cloud computing platform, situated within the boundaries of the European Union. AWS offers comprehensive security and privacy features as standard.,

Access to these data centres is heavily guarded and rigorously overseen using a variety of physical and digital measures, such as intrusion detection systems, environment security measures, around-the-clock onsite security personnel, biometric scanning, multi-factor authentication, video surveillance, and more. AWS upholds a strict least privileged basis for employees' data centre access, which is logged and audited on a regular basis.

AWS possesses a suite of reports, certifications and independent assessments to ensure state-of-the-art data centre security. Further information on AWS's data security can be found here: https://aws.amazon.com/security/ and here: https://aws.amazon.com/compliance/

The team at Medicasimple does not have physical access to our AWS servers. Electronic access to AWS servers and services is granted strictly to a select group of authorised Medicasimple personnel.

Ensuring Data Safety

Password Protection

We ensure that all passwords are filtered from our logs and one-way encrypted in our database using the BCrypt algorithm.

Medicasimple staff members are not privy to your password. If you ever forget your password, you'll need to initiate the reset process to regain access to your account.

Credentials for Third-Party Services

Accessing third-party services may require credentials such as passwords, OAuth tokens, and API keys. These are also encrypted and safely stored in our database. At any time, you can completely rescind Medicasimple's access to a service.

Data Duplication and Backup

We go to lengths to ensure all practice data is duplicated and frequently backed up.

Securing Applications, Systems and Software

Securing Applications, Systems and Software

We have instated robust encryption via TLS across our application, helping to significantly reduce the risk of someone intercepting sensitive information such as username-password combinations.

We adhere to the best practices of the industry to patch potential gaps in the security policy of our application and the underlying systems, and to thwart common web attack vectors.

Medicasimple also maintains a robust application audit log to document security events, such as user logins and data modifications.

By ensuring that our software and its dependencies are always up to date, we can mitigate potential security vulnerabilities. We employ a broad spectrum of monitoring solutions to ward off and eliminate threats to the site.

Communication Security

All communication within the Medicasimple application is encrypted over 256-bit SSL - the same grade of encryption used by banks and financial institutions - ensuring that it cannot be intercepted by a third party.

Security and Privacy Features of Medicasimple

The behaviour of its users often poses the greatest security risk to any system. We equip you with the tools needed to protect your own data. The security features within Medicasimple have been meticulously designed with stringent, enterprise-level security requirements in mind.

User Account Security

We offer a role-based administration system for user accounts. There are different roles available within Medicasimple.

IP Address Authorization

Your Medicasimple account can be locked down to a pre-approved list of IP addresses. Any attempt to access Medicasimple from an unauthorised IP address will be rejected. We only suggest using this added security feature if your practice has a static IP address.

Staff Access and Security Protocols

We treat your data stored within MedicaSimple as strictly confidential to your practice and patients.

Our production environment is entirely isolated from other environments, such as development and testing. Medicasimple employees are granted access to systems and data based on their role in the company or on an as-needed basis.

Medicasimple staff can only access your data to assist with support, resolve customer issues, and as stated in our terms of service. When resolving a support issue, we strive to respect your privacy, accessing the bare minimum data needed to address your concern. You can prohibit Medicasimple support employees from accessing your data by disabling support access from your account settings.

Security Maintenance

Medicasimple adheres to industry best practices for design and development. We rigorously test new features to eliminate potential attacks like CSRF, XSS, SQLI, and more.

As the cyber threat landscape evolves, we continue to upgrade our security policies. Our engineering team consistently oversees ongoing security, performance, and availability. We subscribe to all relevant security bulletins to promptly address any security issues in the software we use.

Privacy and Data Protection

All services used in Medicasimple comply with the Information Commissioner's Office (ICO) requirements for EU data protection.

Your Medicasimple terms of service agreement uphold the confidentiality of your practice data. As stated in the agreement, you retain full ownership of any data uploaded to Medicasimple.

System Availability

Medicasimple guarantees a high level of system availability due to our robust infrastructure. We maintain transparency with availability and report all incidents on our status page.

Report a security vulnerability

If you find a potential security flaw in Medicasimple, we urge you to contact us without delay. We will investigate all credible reports and rectify any issues immediately. You can responsibly submit potential security vulnerabilities to security@medicasimple.com by following the guide below.

Reporting

Share the details of any suspected vulnerabilities with Medicasimple's Security Team by emailing us at security@medicasimple.com.

Please do not publicly disclose these details without explicit written consent from Medicasimple. When reporting any suspected vulnerabilities, please include:

  • Detailed vulnerability information, with steps to reproduce the issue
  • Your email address
Our Commitment

If you identify a verified security vulnerability in line with our Responsible Disclosure Policy, we commit to:

  • Acknowledge receipt of your vulnerability report promptly
  • Provide an estimated timeline for the vulnerability resolution
  • Notify you when the vulnerability has been resolved."