Your data has only one owner: YOU!
Hence, Docty does not retain any form of your data.
As a special note, Docty does not trade, share, or lease your information to any other party.
Docty has strict measures in place so that data isn’t compromised at any time.
Your data has only one owner, who must be granted the ability to delete it: YOU!
256-bit encryption
ISO 27001 certified
HIPAA compliant data centers
It should be mentioned that the company is ISO 27001 certified.
Safe organizational practices are guaranteed by clients’ awareness and other access controls.
Protect processes through adequate discrete and effective administrative controls as well as supervision.
Strong technical controls are accompanied by regular vulnerability scans as well as penetration tests on the systems.
Data security for patients
The customer believes that the data belongs to her/him and therefore should not be shared with anyone else.
None of the users at Docty can see what user data looks like.
We create chatbots to help you, but we never send you messages for any reason unless you have permitted us to.
We send promotional messages with an option to unsubscribe from any future messages, from our database.
You will be glad to know that MChen does not disclose any data to any third party.
Data security for doctors
You should understand that we cannot read or view the data of your practice.
We do not disclose any of the data to a third party.
Thus, doctors remain in full control to determine what has to be communicated to their patients.
We keep tight control over data to ensure that the users’ privacy and safety are well protected.
Certain special characteristics of both private and hybrid clouds
We never send promotions to your walk-in patients
I wish to clarify that as per our privacy policy, we don’t contact your walk-in patients or send any commercial communication to them. This means that for any patient to be promoted in any way by any of us, they will have to check the Docty site. Another way is when they self-register on the website of educator.com.cn or download our app independently and have the authority to allow us to communicate with them. Docty does not have any control whatsoever over the patient database you store in Ray.
Your data has multiple encrypted backups
All data is backed up and versioned several times at several secure sites; anywhere from five to ten data replicas are kept in other parts of the globe. We also use point-in-time recovery to retrieve the data from a particular time frame.
We don’t sell your data
We understand the importance of healthcare information and the privacy and protection of such data in the utmost manner. We do whatever we can to maintain it and will under no circumstances share it with anyone.
We never mix doctors’ data with patients’ data
A personal and safe place for your records of health.
Your data is confidential; we won’t share it with anyone.
Everything is secured using 256-bit encryption.
The main goal of two-factor authentication is to prevent unauthorized access to the user’s account.
Especially in withdrawal, remote logout prevents other unauthorized login attempts.
FAQs
What does Docty think about data security and privacy?
We take data security and privacy extremely seriously at Docty. It is one of the foundational pillars of our company and is implemented at the core of every product.
We hold that your healthcare data is the most sensitive personal information that you carry, and hence it requires proper protection. Docty collects or uses any personal or sensitive personal information belonging to you only after obtaining appropriate and clear consent from you. Further, we understand that people change their minds; therefore, no consent is permanent and our systems are built with flexibility so that any consent given can later be revoked.
That is why, in all our products, patients and providers are to be in control of deciding what to share and what to keep secret.
Where does Docty get its data from?
First, our data is stored with 256-bit encryption on HIPAA compliant servers. More importantly, we are an ISO27001:2013 certified company. This certification is one of the most recognized and stringent information security certifications, validating the efforts a company makes toward protecting data and all kinds of information assets.
We have two different types of data sets. One involves health care providers making use of our software for holding information regarding the patients they are attending to. This information could include patient information, a diagnosis, treatment plan, any clinical notes, communication, and other details. All this is held on behalf of the provider and cannot be accessed by Docty. It’s stored privately and securely for every provider using our software.
The other dataset arises when patients come directly to Docty and use Docty to store their health history or to carry out a healthcare transaction such as booking an appointment, an online consultation, and more. All this data is stored on behalf of the patient, and this too is stored with 256-bit encryption on HIPAA compliant servers. Any patient who uses our service gives us permission to contact him/her from time to time with marketing and/or other communications, which he/she can opt out of when he/she chooses to.
I am a doctor using your Ray software, what kind of access do you have to my data stored in Ray?
Docty does not have access to the data stored in Ray.
If you don’t have any access to data in Ray, how can you send those appointment confirmation or feedback collection SMSes to my walk-in patients?
For example, let’s assume you have turned on the option to send a confirmation SMS for an appointment for your walk-in patient. The system then takes that patient’s phone number, finds the appointment detail that you’ve confirmed and sends that information to that patient. Over and above this, Docty is not vested with any rights to send any other form of message or communication or get in contact with the patient for any reason whatsoever. Moreover, you can, at any time, revoke even this facility by simply changing the settings inside Ray.
How do you distinguish between patients who come to me directly and patients who come to me by booking via Docty website or app? For both of them, what data can you access?
We have always drawn a very clear distinction between sets of data pertaining to users who directly visit Docty.com (“Online Patients”) and those that visit a clinic and are walk-in patients of the doctor (“Walk-in Patients”). The separated infrastructure, along with firewalls on Ray, does not allow Docty.com to access data from Docty Ray.
Online patients: These are the patients who enroll with Docty by either using our website, Docty.com, or our app and then call or book an appointment with any of the affiliated clinics. Each one of these patients, separately, grants us permission to reach out to them about any communication that is relevant for rendering services along with availing new products or services. Docty has no access to personally identifiable health information of patients.
Walk-In Patients: If patients walk into the clinic and the doctor enters their details in our software, such as Ray, then Docty will not get any access to that information. Entering the patient’s details in Ray does not create any right to get in touch with that patient. Additionally, Docty will not have access to personally identifiable health information of those patients either. We believe this is highly important and have therefore committed to every provider by writing it into our terms of service.
I had a walk-in patient who received marketing communication from Docty. How is this possible?
Unless your walk-in patient visits Docty independently and grants permission to us, he will not receive any marketing communication from Docty. They will only get that which you have enabled in your settings in Ray. Should you want to view those settings, click here to log into Ray and see what’s enabled under your settings.
My patients complain of receiving marketing communication from other healthcare companies as soon as they registered at my clinic. Do you sell data?
Have you ever faced a data breach?
Is my data really safe with Docty?
Absolutely. Docty is amongst the safest places for you to store your healthcare information and that of your patients.
We have a variety of measures that protect your data, some of which are:
1. HIPAA Compliant servers: All data is stored in HIPAA compliant servers
2. Encryption: All data is encrypted with 256 bit encryption during transit and at rest.
3. Two Factor: We have implemented Two-factor authentication to protect against foul-play.
4. Access Zones: We have implemented access zones that prohibit access to information from locations not specified by the user. This ensures that even if the authentication information leaks, access can only happen from the physical locations specified by the user.
5. Role Based Profiles: A doctor/clinic owner can set up different profiles for their staff with different levels of information access. This ensures that only the doctor has access to the patient files while the staff access is restricted to the clinic operations rather than the patient information.
6. Data Backup: We take multiple backups of your data and it is kept in geographically distributed locations to make sure you never have any data loss. Even in the event of a natural disaster in one geography, your data remains safe and can be recovered.
7. No Virus: Since all your data is stored in cloud, it protects you from any local virus that your computer might have, so the only virus you have to deal with is those affecting your patients 🙂
What specific measures do you use to ensure security of data stored with you?
We have a variety of measures that protect your data, some of which are:
1. HIPAA Compliance: All data is stored in HIPAA compliant servers ensuring industry standard consent architecture and privacy policies.
2. Encryption: All data is encrypted with 256 bit encryption during transit and at rest.
3. Two Factor: We have implemented Two-factor authentication to safeguard against foul play.
4. Access Zones: We have implemented access zones that prohibit access to information from locations not specified by the user. This ensures that even if the authentication information leaks, access can only happen from the physical locations specified by the user.
5. Role Based Profiles: A doctor/clinic owner can set up different profiles for their staff with different levels of information access. This ensures that only the doctor has access to the patient files while the staff access is restricted to the clinic operations rather than the patient information.
6. Data Backup: We take multiple backups of your data to make sure you never have any data loss, and even in the event of a natural disaster in one geography, your data can be recovered.
My offline patients receive SMS from Docty software which mentions Docty and that leads them to your website/app. They are not your direct online patients. How can you market to them?
We have some services – for example, appointment reminders or electronic record sharing, through which a doctor may share records with his/her patient. In this case, if he does that, then we send a message to the patient with a link to access that record. But if the doctor doesn’t want such a link to be included in those SMS, he can opt out of it.
I have been asking my patients to go to Docty and book appointment with me there. They are still my patients and not Docty, hence can you market to them?
Merely visiting Docty.com is not enough. To receive marketing messages from Docty, a patient must visit us, register for an account and give us permission to market to him. Only once they have given us their permission do we market to them.
Moreover, the database carrying Ray data sits on a different platform from the one Docty.com uses. Under our terms of service agreed upon with you, Docty cannot access the data in the Ray database. We cannot eliminate any patient who visits Docty.com because they may have visited you in the past and their data may exist in the Ray database, as that would be a breach of privacy and a violation of our contract with you.
When I send my patients a prescription through Docty and when they open it, does that make them Docty direct online patients?
No. It does not.
When I ask my walk-in patients to give me a feedback - does that make them Docty direct online patients?
No. It does not.
If a Walk-in Patient downloads the Docty app and signs up through it to view a prescription etc. shared by the doctor, does he/she become an Online Patient?
When you share a prescription with a patient, he does not need to download the Docty app in order to view it. He just needs to click on the link you are sharing with him in order to see that prescription. If a patient downloads our app, and allows us to reach out directly, then we can.
What if I find a security vulnerability in any of your applications?
Is Docty compliant with the data security and privacy laws in India?
Of course, Docty complies with all applicable laws in every country it operates in.