Healthcare is highly personal. More so than many other industries. The information is sensitive, confidential and more personal than perhaps even financial information.
At Practo we take data security and privacy extremely seriously and use some of the world’s best and most advanced security systems and processes to ensure the data is safe, secure and private for both our consumers as well as for providers who are using our software systems. In fact, Practo is a member of the Digital Security Council of India to help establish best practices, standards and initiatives in cyber security and privacy.
For Practo Ray, our software for clinics, these are few of our many security features that ensure security and privacy of the clinic data such that only the doctor or someone authorized by the doctor can access the data and no one else, not even Practo, can access this information.
- HIPAA Compliance: All data is stored in HIPAA compliant servers ensuring industry standard consent architecture and privacy policies.
- Encryption: All data is encrypted with a minimum of 128bit AES encryption. Data is encrypted as it is sent over the internet ensuring that only the sender and the authorised receiver can access it.
- Two Factor: We have implemented 2-factor authentication to ensure we can doubly verify the identity of the person accessing the information and only give access to the doctor.
- Access Zones: We have implemented access zones that prohibit access to information from locations not specified by the user. This ensures that even if the authentication information leaks, access can only happen from the physical locations specified by the user.
- Role Based Profiles: A doctor/clinic owner can set up different profiles for their staff with different levels of information access. This ensures that only the doctor has access to the patient files while the staff access is restricted to the clinic operations rather than the patient information.
These and many more features ensure that only the doctor and their authorised staff can access data generated by the clinic and no one else, not even Practo has access to this information.
We hope this helps you better understand the security features available to you via Practo Ray. If you need help to understand more, please do reach out to us.
- Can Practo access my patient information?
- All data created by you or your staff is encrypted and accessible only by you and your authorised staff. No one has access to this data as it is completely encrypted and only accessible via your login details. Not even Practo can access this information.
- What all data is encrypted and protected by Practo.
- All medical information, including reports, prescriptions as well as personally identifiable information of the Patient is encrypted and securely stored by Practo.
- Will Practo use my patient data to market to my patients?
- Practo systems are designed to only allow the doctor and his authorised staff to have access to the data. Practo cannot access this information at any point as it is encrypted while stored as well as during transmission
- How do you segregate between a Practo consumer and my patient?
- Practo Consumer: Any consumer who downloads our app or visits Practo.com to book an appointment or use any of our other services is a Practo consumer. Practo terms of service allow Practo to contact and market to this consumer. Additionally the consumer has to give us his contact information only then can we contact him in any way.
- Ray Patient of the clinic: Any consumer who books an appointment directly by calling the clinic or the doctor (even if the doctor then puts the appointment in his/her Ray calendar is considered a Ray patient of the clinic. Practo does not have access to any information about this patient and therefore cannot and does not market to these patients using this information.
- Then why do some of my patients get SMS and marketing messages from Practo?
- The only way this can happen is if your patient also visits Practo.com and books an appointment through the app or uses any of the other services offered on our website or app Under no circumstances do we have access to patient contact information mobile number / email even if he is patient on one of the Ray enabled clinics. In each instance when we have contact information the consumer has to specifically and separately give us the details as a Practo consumer.
- Can you exclude my patients from receiving messages even if they come and use the Practo.com services?
- No, unfortunately, we cannot. Since we do not have access to your patient data stored inside Ray, we cannot identify which patients on Practo.com are your Ray patients and which ones are not.
- What about your new medicine delivery business? Are you using my patient prescription to sell them medicines?
- Not at all. Practo does not have access to the prescription created in Ray. Practo also does not have access to this prescription even if you share it with the patient. Only the doctor, his/her authorised staff or the patient has access to the prescription.
- However, patients can log-in to the Practo app themselves and order medicines if they want. Do note that this service is currently available in Bangalore only.
We hope this provides more clarity around the steps taken by us and the features we have built into our systems to ensure security and privacy of your and your patient’s data. If you would like to know more about these, please reach out to us.