Data Security Council of India Member

PRACTO RAY DATA SECURITY PRIMER

[Figure: patient data (Patient name, Details, Prescription, History) protected by Encryption, Strong password, Two-factor authentication and Practo Access Zones]

Practo is primarily a healthcare data company, and everything we do is based around storing and managing great amounts of health data. In our vision to help people live healthier & longer lives, we consider data our most important asset and we strive to do everything in our power to ensure it remains as safe as possible. This includes using the ‘gold standard’ security protocols that are publicly documented, as well as employing proprietary technologies to safeguard our data vault. This document provides an overview of these measures.

[Figure: security layers: Application security, Access control, Network security layers, Highly secure cloud, Point-in-time recovery, Versioning & multiple backups]

INSIDE PRACTO’S SECURITY COMPLEX

Our data security standards are the same as your bank’s

Using stringent data protection and transfer standards ensures your data is in the safest hands possible. Our systems always keep an eye on any and all changes, and discrepancies are flagged immediately (within milliseconds).

Our security team ardently safeguards your data

We have the best team of qualified security experts with proven track records to make sure that data is kept completely safe, behind an almost impenetrable wall. All data traffic that passes through our servers is continuously analysed and tracked. Our data team also conducts precautionary security measures, like regular risk analyses and vulnerability assessments (in which our experts attempt to break into our own systems) to ensure that our data protection constantly improves and always remains current.

Our systems have nerves of steel

The data that passes through our servers travels through multiple network security layers before reaching its destination. This makes it possible for us to monitor and detect any unusual activity and nip it in the bud, before it has had any chance to make any impact. The entire process takes place in a few milliseconds, ensuring speed and performance along with security.

Our data storage systems are extremely robust

All data is backed up and versioned multiple times, in unique secure locations across the world. We also employ a smart feature called point-in-time recovery service, which allows us to securely retrieve data from a specific time period. We have taken every conceivable step to prevent against data loss and made sure that a version of your data can always be recovered. And almost all of this is automated, which means it’s running 24x7 even when our engineers are not physically present.

WHAT CAN I DO TO KEEP MY DATA SAFE?

The most common data security breaches happen due to easily preventable reasons, like weak passwords. Here are some simple measures that you can take, along with great opt-in features available in your Practo Ray account for complete peace of mind:

Two-factor Authentication

Two-factor authentication adds an extra OTP-like layer of security, in addition to the credentials used to login to a Practo Ray practice. Right after you login with your username & password, you’ll be asked to enter a code that is only accessible through an app on your smartphone or via SMS to a registered mobile number. You may have used this feature while logging in to your bank account.

Practo Access Zones

Access Zones prevent unauthorized access to a Practo Ray practice from internet connections (or locations) other than the ones specified by you. Here’s how it works: All computers and mobile devices connected to the internet have an IP address. When you add IP addresses of your devices to the Practo Access Zones list, only these devices are allowed to access your Practo Ray account. This feature ensures that no one can access your practice data outside your practice premises, even if they happen to have your username & password. Using two-factor authentication and Practo Access Zones together makes accessing Practo Ray the most secure system in the industry!
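An allow-list check of the kind Access Zones describes, as an added example (not Practo's code). The function names, the support for CIDR ranges and IPv6, and the sample addresses are assumptions for illustration; it generalises the page's per-device addresses to ranges.

```python
import ipaddress

def parse_zones(entries):
    """Turn allow-list entries (single IPs or CIDR ranges) into network objects."""
    # strict=False lets an entry such as "198.51.100.7/24" mean the enclosing /24.
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]

def client_in_zone(client_ip, zones):
    """True only if client_ip parses and falls inside an allowed zone.

    client_ip must be the peer address seen by the server or a trusted proxy,
    never a value taken from a client-supplied header.
    """
    try:
        addr = ipaddress.ip_address(str(client_ip).strip())
    except ValueError:
        return False  # fail closed on anything unparseable
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; unwrap them
    # so an IPv4 zone entry still matches.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == z.version and addr in z for z in zones)

def authorize_login(password_ok, client_ip, zones):
    """Credentials alone are not enough: the source address must also be listed.

    The returned reason is meant for the server-side audit log.
    """
    if not client_in_zone(client_ip, zones):
        return "denied: outside access zone"
    if not password_ok:
        return "denied: bad credentials"
    return "allowed"

# Constructed sample list using documentation-only address ranges.
ZONES = parse_zones(["203.0.113.10", "198.51.100.0/24", "2001:db8:1::/48"])

if __name__ == "__main__":
    for ip in ["203.0.113.10", "203.0.113.11", "::ffff:198.51.100.25", "bogus"]:
        print(ip, "->", authorize_login(True, ip, ZONES))
```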

Adding separate user accounts

Instead of sharing your login details with your staff, you can create separate accounts for each of your staff members. This way, all your practice data remains secure. You can also specify access levels for each staff member, which means your receptionist won't have access to your billing data. So your staff will only see what you want them to see. Check our help article to see how to do this.

Setting a secure Password

Using a strong password more than 8 characters long and which does not contain easy-to-guess words (like your name, your child’s name or your phone number) is a must. Our guidelines mandate that your password must:

- Be between 8-20 characters (longer the better!)
- Have at least one
  - upper & lower case alphabet
  - digit
  - special character out of @, #, $, %, ^, &, +, =
- Be changed regularly

Tip: If you want something easy to remember, start with a familiar word and keep making it stronger with a combination of upper & lower case alphabets, numbers and special characters. Here’s an example: Say your name is Mohammed and you were born on the 14th of June. Start with your name and your date of birth – Mohammed146. Now add upper case alphabets – MoHaMmeD146. Now add special characters – MoH@MmeD146 and there you have it! However, we still recommend you have a completely unique combination of alphabets, numbers & characters that is very hard for anyone to guess. And remember to not leave the password lying around anywhere!

A TECHNICAL OVERVIEW

For the technically inclined, our security experts have also put together a primer on the secure technologies we employ at Practo.

Virtual Private Cloud

All of Practo’s applications reside in a secure virtual private cloud (VPC), which acts as a private space within a shared cloud ecosystem. No other applications or services have access to your data and your data never leaves the VPC.

Encryption

As your data travels from your computer to the VPC and back, 128-bit encryption protects it on the way. Encryption essentially converts textual data into random gibberish, mathematically designed to be impossible to be read by either a human or a computer. When encrypted, only the cloud (pre-authorized by you) and your device can read your data. Even if the data is attempted to be read while it travels between your device and the cloud, it would make no sense.

Internal Security Measures

Our dedicated team of security experts periodically monitors the health of our applications, protocols and systems. They ensure all technologies used are up-to-date and also monitor the safeguards applied to all data coming in and out. Periodic tests, assessments and system reviews of all security equipment are conducted frequently.

Access Control Lists

Access Control Lists specify which user levels have the privilege to access or modify any data systems. It is a highly secure, rigid protocol that ensures nobody outside the access boundary (even with a borrowed username & password) can access what they are not supposed to. Think of it as being similar to access levels in Practo Ray – your receptionist cannot access reports, for instance.

Application Security

Till now we have discussed the safety protocols and measures applied while data moves across servers. But what about the integrity of our in-house systems? That’s where application security comes in. Simply put, application security refers to the use of software, hardware, and procedural methods to protect applications from external threats. This team ensures that the code which powers all Practo products remains as secure as possible, and a series of protocols are in place to make Practo a virtual fortress.

The application security team performs:

- Manual review of every line of code written by any developer
- Periodic maintenance and review of existing code
- External security reviews, by industry-leading experts
- Enforcement of non-disclosure agreements and strict usage terms for all external parties
- OWASP Top 10 compliance

OWASP Top 10 describes a set of common and critical security vulnerabilities, as identified by international security experts. Almost all internet services or websites that handle sensitive data (e.g. banks, email programs, e-commerce portals) adhere to OWASP’s recommendations, and so do we.

Also, application data (which refers to our services) and user data (the data that you enter) are in the same VPC, which means nobody can access any data while it is being transferred internally. But we still went ahead and encrypted everything, just to be super-safe.

Additional security measures:

Along with all the above measures, we are constantly looking for ways to improve our security features. As a part of those efforts, Practo is now a member of the Data Security Council Of India (DSCI) - a NASSCOM initiative, functioning as the premier industry body to keep cyberspace safe, secure and trusted by establishing best practices, standards and initiatives in cyber security and privacy. With the experience and resources of DSCI, we’ve been working with them to reach new levels of security excellence, ensuring that our data security is truly unshakeable.

With all these security measures (and many more, under the hood), it’s no longer a secret that Practo takes data security very, very seriously. And with all the hard work that we’re putting into protecting the world’s healthcare data, you can rest assured in trusting Practo as your partner in digital health.

If you still have questions, we’d be delighted to hear from you at [email protected]
