CloudRx ("CloudRx") Privacy and Security Policy
Last updated: January 2020
CloudRx acts as a trusted confidential application service provider dedicated to providing a secure Internet and mobile prescribing service.
CloudRx employs a high degree of security consciousness. One of CloudRx’s priorities is to make reasonable efforts to ensure that data is fully security and is fully compliant with all regulations. Access, integrity, availability, ownership, authorisation, dependability, authentication, and confidentiality are all major considerations within the CloudRx Security Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us.
CloudRx upholds its stringent Security Policy with the following security measures:
1. Role-Based Usage
CloudRx grants varying degrees of access to users with different levels of authority within a provider practice.
All communication between you and the CloudRx server is secured over HTTPS socket TLS 1.2 connections using 256-bit encryption.
3. Data Privacy and Security
CloudRx takes measures to secure your data on our servers, in our data centre. Our data centre is both physically and electronically secured. Our servers are isolated from the Internet by using a firewall which is a hardware and software system that blocks access by unauthorised parties.
4. Data Privacy and Confidentiality
5. Login ID and Password
Access to your account is controlled by a login ID and a password, which you choose. Strict login ID and password rules help prevent unauthorised users from gaining access to data. We do NOT store a plain text version of your password. Your password is stored using a one way hash 256 bit encryption, which means no one at CloudRx knows what password you have chosen and it is not possible to decrypt. If you ever forget your password, you can choose a new one using an email verification check.
6. Auto Log Out
CloudRx protects you against accidentally leaving your account active on a computer browser screen. The CloudRx server ends your “session” if you are logged into CloudRx but have not actively used the service for a set period of time. This prevents others from accessing your account when you leave a session and forget to log out.
7. Digital Certificates
CloudRx uses a digital certificate issued by Go Daddy a leading Secure Server Certification Authority. This gives you the confidence that you are connected to a site or application operated by CloudRx, and authenticated as such.
8. Sensitive Information
CloudRx handles all your health information with respect to its confidentiality and privacy. We ask that you follow your provider's policy on communicating sensitive information in their practice.
9. Data Integrity
CloudRx is hosted on an Enterprise class infrastructure in a Tier 1 Hosting Centre which is ISO 27001 and PCI DSS compliant to ensure data is secure, available and that access to the website continues without interruption.
10. Storage and Maintenance of Information
For more information regarding the storage and maintenance of information, please contact CloudRx at firstname.lastname@example.org.
We take reasonable measures to secure your data on our servers, in our data centre in line with GDPR. Our data centre is both physically and electronically secured. Our servers are protected behind the Internet by using a firewall system that blocks access by unauthorised parties.
12. What can I do to protect my Privacy?
In order to protect your privacy while using CloudRx, you can:
• Never share your sign in name or password;
• Always sign out when you are finished using the service;
• Choose a strong password that consists of upper and lower case letters and numbers;
• Install and maintain anti-virus software and a firewall on all computers that you use to access the CloudRx service;
• Promptly install all security and software updates for your iPad/iPhone apps, your web browser, and computer operating systems;
• Ensure all steps are taken to keep your devices secured. Do not leave your device unattended whilst logged on and ensure numbers and symbols are used whilst setting up the account password.