Tricefy
Security Overview
See why hospitals and private practices trust us with their highly sensitive medical data
Tricefy
How we protect your data
Discover why healthcare organizations and private clinics worldwide rely on Trice products for the secure archiving and sharing of medical data. They use our solutions daily, confident in the safety and security we provide. Our security measures are tailored to meet your most critical requirements, ensuring that your data remains protected.
We enforce strict policies and process controls to safeguard your information and are committed to continuous adaptation and improvement in this area. We use third-party auditors to ensure that we remain compliant with U.S. and international laws regarding information security, particularly HIPAA and GDPR through our ISO 27001: 2022 and ISO 13485: 2016 Certifications. Additionally, data that you choose to share with others can also be fully* anonymized before transmission to Trice.
The Tricefy cloud service is built with multiple layers of state-of-the-art security within a scalable, secure infrastructure.
Information Security Policy
Effective information security policy and management adapts to the healthcare landscape’s fast-evolving threats and technologies. Trice protects all of our customer’s Protected Health Information (PHI) and (PII) stored in the Trice product platform to ensure the confidentiality, integrity, and availability (CIA) of such data,
The Trice Information Security Policy applies to all Trice staff, subcontractors, and vendors.
Information Security Management System
Trice has implemented an ISMS under an ISO 27001:2022 certification. The Trice Information Security Management System (ISMS) maintains the confidentiality, integrity, and availability requirements of our customers' Protected Health Information (PHI).
Trice is a Business Associate (BA) under HIPAA.
Our ISMS is audited annually by BSI to certify our compliance to the ISO 27001:2022 standard.
Our Certification status can be found at ISO 27001:2022.
Quality Management System
The Trice Quality Management System (QMS) manages medical device safety requirements of our in house developed products.
Tricefy is a U.S. Food and Drug Administration Class I medical device.
Our QMS is audited annually by TUV to certify our compliance to the ISO 13485:2016 standard.
Our Certification status can be found at ISO 13485:2016.
Cloud Datacenter Security
We apply the same level of cloud security trusted by top government and financial institutions by using best-in-class security controls (described below) for our customers to provide the most up-to-date and safest environment for handling sensitive and important data.
Trice products are hosted by Amazon Web Services (AWS), which is the market leader in cloud security. AWS maintains “security of the cloud” compliance to ISO 27001, SOC 2, GRPR, HIPAA, C5, and many others while Trice provides “security in the cloud”.
Data Security
We apply strong encryption, secure data transfer, and detailed user and system level audit logging.
During transit (as data is sent or received to Trice), data is encrypted using Transport Layer Security (TLS 1.2+), which creates force field around our tunnel. Tricefy Uplink transfers data through a sophisticated, one-directional, impenetrable tunnel from your network to the Trice AWS servers.
Data is transferred using a secure internet connection with industry best-practice encryption and transmission (TLS-PSK). All data is encrypted in an unreadable format that is only consumable to those with the correct key (a cryptographic identity).
Once the data arrives safely to our servers, it is encrypted using AES-256 storage encryption.
All transactions are logged and centrally collected in our SIEM for analysis and monitoring. Customer logs can be directly exported via API.
Anonymization & De-Identification
Tricefy Uplink allows customers to anonymize sensitive PHI elements before they leave your location.
Trice Anonymization removes identifiable information and automatically occurs when delivering exams to a patient. There are 2 Anonymization options.
When using the Typical Uplink, non-DICOM content (such as PDF documents) that cannot be anonymized are password protected for patient sharing.
When using complete ("strict") anonymization by using the Advanced Uplink. Strict anonymization discards any non-DICOM content and not only anonymizes the data sent to the patient, but also the data uploaded to Tricefy. This will make the studies non-distinguishable.
Network Security
We utilize state-of-the-art firewalls, IDS, load balancers, network segregation, monitoring tools and best practices.
The Trice AWS cloud platform incorporates AWS load balancers and firewalls to allow only required ports and protocols from customer locations and within our network.
Internal networks are separated by function.
All systems and services are monitored 24x7.
Access Control
Tricefy allow very long and complex passwords. Additional security is implemented using multi-factor authentication in the form of OATH-OTP, which is a one-time verification code used by many companies, including Google.
Security Compliance Certification & Attestation
Trice utilizes annual 3rd party auditors that validate the effectiveness and trustworthiness of our services. We encourage and expect our customers to verify that our security practices comply with the most widely accepted standards and regulations:
- ISO 27001: 2022
- ISO 13485: 2016
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- General Data Privacy Regulation (GDPR)
- U.S. Food and Drug Administration (Class I medical device)
- TX-RAMP
Now you see why large healthcare organisations and private clinics all over the world have reviewed our security concept and trust us with their data. They use Tricefy every day to securely archive and share their medical data.
