We take system and information security extremely seriously at GoDoctor, and we’ve put in place policies, processes, and procedures to ensure the confidentiality, integrity, and availability of all data in our hands. Run your practise with the assurance that your data is safe. All GoDoctor applications, information, and records are saved in our managed cloud environment, allowing you greater flexibility and security than is achievable with application service providers (ASP) and client-server software programmes on-premises. All of our systems are thoroughly examined and protected utilising the greatest levels of security and encryption.
Traditionally, technology businesses have used “username and password” to control internet access to data and applications, which might make attackers easy victims. Logins can be compromised in minutes in today’s Internet world, putting your personal patient, and financial data at risk.
GoDoctor provides free MFA (multi-factor authentication) or 2FA (two-factor authentication) as a service to add an extra layer of security to your login verification that works in conjunction with your username and password by adding a second security code that only you can access to your login verification (such as receiving the code in your email account). MFA is available throughout our whole technology portfolio via a variety of delivery modalities, including SMS (text message), email, and an authenticator app.
Information Security Management
GoDoctor has an information security management programme that follows ISO 27001 requirements in general. This programme uses a multidisciplinary risk management strategy to improve our security posture over time. GoDoctor goods, business processes, and technical infrastructures all have numerous layers of security.
Annual Risk Assessment
Risk assessments of the GoDoctor infrastructure, business processes, and other locations where ePHI could be released are performed at least once a year. The results of such evaluations are used to make risk management decisions about how to reduce risk to a manageable level. Risk assessment approaches concentrate on areas of business and technological operations where ePHI could be exposed to unauthorised access, disclosure, destruction, or other breaches of confidentiality, integrity, or availability.
The data from risk assessments are then sorted and categorised according to the level of risk. The information acquired and decisions made by examining the possibility of a danger and the threat’s resultant repercussions are used to determine risk. Findings are then categorised into risk concerns, which are documented and tracked until an acceptable solution is found.