See why hospitals and private practices trust us with their highly sensitive medical data
How we protect your data
The security of your data is our highest priority. The Tricefy cloud service is designed with multiple layers of state of the art security across a scalable, secure infrastructure. Data you choose to share with others can also always be anonymized. In addition, we enforce policies and process controls to safeguard access to your information and use third-party auditors to ensure that we remain compliant.
Tricefy is hosted by Amazon Web Services (AWS), which is the market leader in infrastructure security. AWS is one of very few providers that is C5 compliant and equipped to handle medical data. This makes them uniquely qualified to provide the most up-to-date and safest environment for handling sensitive and important data.
The AWS servers used by Tricefy do not have Windows components nor access points, which eliminates the threat from malware so common today.
Secure Data Transfer – Tricefy Uplink
Tricefy Uplink transfers data through a sophisticated, one-directional, impenetrable tunnel from your network to the Tricefy servers.
Data is transferred using a secured internet connection with industry best-practice encryption and transmission (TCP/TLS PSK).
All data is encrypted in an unreadable format that is only consumable to those with the correct key (a cryptographic identity).
- During transit (as data is sent to Tricefy), data is encrypted using Transport Layer Security (TLS 1.2), which creates force field around our tunnel
- Once the data arrives safely to our servers, it is encrypted using AES256 file storage encryption
This is the same level of security trusted by top government and financial institutions.
Tricefy allow very long and complex passwords. Additional security is implemented using multi-factor authentication in the form of “Yubikey” (see www.yubico.com for more information) or OATH-OTP, which is a one-time verification code used by many companies, including Google.
Compliancy is an effective way to validate trustworthiness of a service. We encourage and expect our customers to verify that our security practices comply with the most widely accepted standards and regulations, including (but not limited to):
- ISO 13485
- ISO 27001
- General Data Privacy Regulation (GDPR)
- U.S. Food and Drug Administration (Class I medical device)
- EU Directive 95/46/EC
- OECD Policies & Guidelines
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- India’s Information Technology Act 2011
- UAE DIFC Data Protection Law 2007
- African Union Convention on Cyber Security and Personal Data Protection
Now you see why large healthcare organisations and private clinics in more than 20 countries reviewed our security concept and trust us with their data. They use Tricefy every day to securely archive and share their medical data.