Security
The most important commitment we have is to the security of your data.
This includes every part of our service: its encryption, its infrastructure, and our data policies.
At rest & in transit
Data is encrypted both 'at rest' on our servers and as it moves between our servers and your web browser.
This includes database records, search indexes and any images that have been uploaded.
Password protection
All user passwords are double encrypted and hashed with a salt, which prevents dictionary attacks and adds an extra layer of security.
Patients can only access their own data and clinicians can only access their patients' data.
Infrastructure
MyRenalCare is powered entirely using Amazon Web Services, benefitting from all the best practices of AWS policies, architecture, and operational processes to ensure security and reliability.
Amazon Web Services is considered the industry leader in cloud services and is used by countless organisations to power their services including the BBC, the Ministry of Justice, the CIA, Shell and Netflix.
All information you enter is stored and operated entirely within Amazon's secure data centre in London, England.
Compliance
AWS environments are continuously audited, with certifications from accreditation bodies around the world.
Amazon has achieved compliance with the strictest compliance programs.
Redundancy
Database failures are mitigated by storing data in multiple databases, so if one database goes down the other databases can pick up the slack.
Changes made to your database immediately propagate to these redundant versions.
Scalability
Auto-Scaling and Elastic Load Balancing ensure that our services remain online 24/7, regardless of how many users are accessing the service at the same time.
Data is continuously replicated, ready to be brought back online if any primary nodes fail.
Security standards
Firewalls
Firewalls protect every virtual server, database, and load balancer to ensure that only authorised traffic can access those resources.
Backups
We automatically create multiple active and archived backups of databases on multiple servers, all stored using the same encryption as your live database.
Policies
Security doesn't stop with infrastructure. Without the right policies around privacy and access, your data can still be susceptible to human error or compromise.
The same amount of attention to infrastructure and technology needs to be allocated to the people and policies responsible for running that technology.
We've carefully implemented security policies around your data's privacy and about how the MyRenalCare team can access that data.
Privacy policy
Our commitment is to respecting your privacy and the privacy of the information in your account.
Ultimately, the data in your account is not accessible to anyone, unless you make it accessible. You can view our privacy policy here.
Data ownership
You and your hospital are the owners of your data and, between you, are completely responsible for it.
We have no ownership of your data and we make no claims on it.
History Tracking
Our database stores every change to every record, with a timestamp, username and IP address.
Unauthorised access can be quickly identified and blocked without disruption to the rest of the service.
Roles & Permissions
Each user type is assigned and authorised with specific and appropriate permissions - what they can view, what they can enter and what they can edit.
Access to MyRenalCare and patient data can be revoked at any time by senior clinician users.
NDA and Confidentiality
All MyRenalCare employees sign non-disclosure and confidentiality agreements that provide legal backing for our obligation to keep your data private and confidential.
Data Protection Officer (DPO):
Ian Harrison CEng FBCS MBA CITP dpo@myrenalcare.com