At OsteosOnline, we take the protection of your privacy, data, and medical information very seriously. We strictly adhere to the General Data Protection Regulation (GDPR) and relevant laws and regulations to ensure that your personal and medical data is securely processed. Below, we explain how we handle the data you entrust to us and the measures we take to protect it.
1. What data do we collect?
Depending on the services you use, we collect various types of data, including:
- Personal Data: Name, address, phone number, email address, and IP address.
- Medical Data: Treatment history and other health information in our electronic patient record (EPR).
- Usage Information: Login times, preferences, and other data on your interactions with our tools and app.
- Reviews: Through our collaboration with FeedbackCompany, we collect patient reviews to improve our services.
2. Anonymization and pseudonymization
To ensure patient privacy, sensitive data is anonymized or pseudonymized:
- Anonymization: Where possible, personal data is anonymized so it cannot be directly linked to you.
- Pseudonymization: For data needed for research or improvement purposes, personal data is replaced by a pseudonym, limiting traceability to an individual.
3. Encryption
All sensitive data is encrypted, both during transmission and storage:
- Encryption in Transit: We use TLS encryption to ensure data is securely transmitted.
- Encryption at Rest: Your data is stored using AES-256 encryption, one of the highest security standards in the industry.
4. Access management and authentication
Access to sensitive data is strictly limited to authorized osteopaths and staff:
- Role-Based Access: Data access is restricted based on the role of the staff member or osteopath, ensuring only relevant information for their tasks is accessible.
- Access Control: Only authorized personnel can access your data, and all access attempts are carefully logged and monitored.
5. Secure data storage