Privacy and data security form the basis of the Signapps platform. We continuously strive to meet global compliance standards for data and privacy protection.
Our purpose at Signapps is to positively transform how people are cared for by delivering communication technology that enables better clinical outcomes.
In doing so we enable our Customers and Users of the Signapps Platform to share healthcare information which is treated as a special category of data under the law.
Healthcare information is highly sensitive and we understand that it is important to our Customers and Users of the Signapps Platform and their Patients that this data is secured appropriately.
With this in mind, Privacy is a core value of our business and we have taken a number of steps to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being.
Similar Privacy principles extend to the personal information we process relating to the Customer (e.g. Hospitals, Payers, Practices) and Users (Healthcare Professionals) themselves.
You will find our Privacy Notice here.
Data Protection Legislation Compliance
A requirement of the jurisdictions within which we operate is that Healthcent (the company that developed Signapps) and the Signapps Platform are compliant with data protection legislation. Healthcent complies with two separate but very similar pieces of Data Protection Legislation: the Protection of Personal Information Act, No. 4 of 2013 (POPI); and the General Data Protection Regulation (EU) 2016/679 (GDPR).
The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements related to the processing of personal data of individuals (formally called data subjects in the GDPR) who are located in the EEA, and applies to any enterprise—regardless of its location and the data subjects’ citizenship or residence—that is processing the personal information of data subjects inside the EEA.
The Protection of Personal Information Act, No. 4 of 2013, as amended from time to time (or POPI Act) is South Africa’s equivalent of GDPR and is substantively similar to GDPR. It sets out conditions for responsible parties to lawfully process the personal information of data subjects (both natural and juristic persons).
Our privacy and data protection policies are based on the General Data Protection Regulation (EU) 2016/679 (GDPR) and apply to customers and users in both the EU and South African jurisdictions.
Protecting your Data
Healthcent has taken state-of-the-art security measures, applied to the special category of personal information we process (healthcare information) and the risk such processing poses, to ensure the confidentiality, integrity and availability of our systems and services and the personal data we process within them.
Security measures have been implemented to ensure that data can be accessed, altered, disclosed or deleted only by those you have authorised to do so, using sophisticated encryption techniques (and that those people act only within the scope of the authority you give them). They further ensure that the data we hold on your behalf is accurate and complete in relation to why we are processing it, and that the data remains accessible and usable, i.e. if personal data is accidentally lost, altered or destroyed. By approaching data protection in this way we are able to recover your data and therefore prevent any damage or distress.
Healthcent follows the Cyber Essentials scheme for ensuring its information security. Cyber Essentials is a UK government information assurance scheme operated by the National Cyber Security Centre (NCSC) that encourages organisations to adopt good practice in information security. It includes an assurance framework and a simple set of security controls to protect information from threats coming from the internet.
We host our services on Amazon Servers based in Ireland. All generally available AWS services and features adhere to the privacy and data protection standards required of data processors by the GDPR. AWS is compliant with rigorous international standards, such as ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalogue (C5).
Furthermore, all processing components of the Signapps Platform are compliant with GDPR.