MYCURE strengthens its technology by integrating the company’s value for honesty, transparency, and integrity.
We have carefully crafted our security protocols within all data processing performed inside the platform to guarantee that all your records are kept safe, private, and accessible anytime, anywhere.
Our system follows Technical, Physical, and Organisational Security Measures as required by the Implementing Rules and Regulations (IRRs) of the Data Privacy Act of 2012 (RA 10173):
Grade A+ SSL
All requests over the network are protected with Grade A+ SSL using industry standard encryption algorithms.
In addition to being encrypted, the user’s personally identifiable information (PII) is dissociated from the user’s sensitive information such as medical records, diagnostic results, and other health data.
User Designated Access
Only the user has the ability to access their own data. It is the user’s responsibility to assign a secure password (avoid birthdays or obvious words like your pet’s name or your grandma’s name, and don’t be lazy by using 123456 or qwerty either!). A strong password has a mix of uppercase and lowercase letters, numbers, and symbols, and is at least 6 characters long.
Secure Cloud Hosting
All of the data processed by MYCURE is hosted inside highly protected data centers and cloud providers guided by data confidentiality, integrity, and availability (CIA) models.
Adding personnel or re-orienting your current group will allow you to begin to build a privacy culture. The added protocol signals to the rest of the staff that data privacy is a serious matter. Just be careful not to add protocols for the sake of protocol (for example, security guards who poke a stick in purses without really looking inside).
Addition of walls or dividers
Current front desks already provide some level of privacy by placing computers out of the view of passers-by, but some still have their monitors exposed. A conscious awareness of this from the front desk staff will solve this problem.
Consultation rooms, where patients disclose personal information to doctors, can sometimes be very small and close together. It is wise to check whether the rooms are soundproof and, if not, to adjust.
The main areas that need locks would be the file rooms and/or server room.
Installation of CCTVs allows you to monitor who might have had access to certain computers or rooms.
Access IDs distinguished by color, special bar codes, or magnetic strips can be assigned to each employee to give them limited access to certain rooms.
Certain rooms or documents may have red tape in place, forms to fill, and signatures to attain before access is permitted.
The Data Protection Officer can hold quarterly training sessions for the staff to be updated on the new ways hackers are trying to infiltrate data systems, e.g. social hacking, phishing, “open access” Wi-Fi, and the like.
Notarized contracts can legally protect companies with third-party service providers from indirect security breaches, while liabilities in terms of Data Sharing.
Your company should regularly check whether its technical and physical security measures continue to be effective and whether any upgrades need to be made. NPC has the right to do random checks on your company, and it would be wise to pre-empt that.
If you are not confident in your ability to implement your own privacy checks, you may hire an external auditor. However, NPC does not require this.
Ban on Portable Devices
Some companies have taken data security to another level by banning the use of personal devices within their premises, as well as banning the use of company devices outside the premises.