SECURE

REQUEST A DEMO

Data security is at the core of our product design as a cloud-based, SaaS product. Our work with public and private health sector clients means that we have, for many years, considered the ramifications of patient identifiable data in our system.

Data security is at the core of our product design as a cloud-based, SaaS product. Our work with public and private health sector clients means that we have, for many years, considered the ramifications of patient identifiable data in our system.

We hope people take confidence from the knowledge we provide large scale programmes to Governments in several countries. These programmes have involved extensive audit and compliance reviews and have guided much of the data governance now offered to all clients.

The following items are intended as a high level view of how we run things to help assure new customers that our approach to security is both rigorous and well developed.

If you have any further questions please get in touch below and we will provide access to our full security policy where adherence to the following standards originates:

ISO 22313 – Business Continuity
ISO 27002 – Information Security
ISO 29151 – Protecting Personally Identifiable Information
ISO 27017 – Cloud Security

Overview

Cemplicity has a very strong policy framework in place that ensures:

Access control, Anti-Virus, Business Continuity/DR, Cloud computing controls, Communication and mobile processes, Rules around computer systems and equipment use, Cyber crime and Security incident procedures, Encryption processes, Firewall, hardware and information management, Internet use policies, Network management, Password and authentication rules and produres, Personnel management, Physical and remote access rules, Software management and Protective monitoring

We are a group of companies that adhere to the laws in NZ, Australia, England and Ireland (depending on where you are based).

Cemplicity hosts with Amazon Web Services (AWS).  AWS provides reliable, scalable and secure infrastructure through a global network that spans 18 separate geographical regions. We host your data in the region where your data originates (data never leaves that region).

For some NZ health clients we use Datacom as our infrastructure provider.

Cemplicity is a multi-tenanted, though region specific, application that centres around the same code base.  We use isolation techniques that are regularly monitored by our security partner Insomnia at both code and vulnerability levels.

In the sections below you’ll find more detailed information about our configuration.

Data Governance

 We are committed to the highest standards of data governance and professional standards. As healthcare sector specialists, respecting patients’ rights to privacy and the secure handling of their information is central to Cemplicity’s approach. It impacts on every aspect of our technology and service design.

When an organisation starts working with us, we review in detail our data governance approach. We have spent the last year learning about the General Data Protection Regulations in the EU and ensuring both our system and supporting processes are compliant.

Some of the bigger design features of the Cemplicity approach are that data is hosted in region and patient identifiable fields are only held for as long as needed to invite people to give feedback. Once invitations are sent, these fields are permanently deleted from the Cemplicity system.

Other data received from the patient management system can also be flagged for permanent deletion, often once it has been aggregated and anonimised.

We are also able to offer clients different ‘opt in’ procedures to ensure patients are able to control the use of their personal data at all times.

Cemplicity surveys are offered to patients with the promise of anonymity. This is stated clearly in the survey invitation and introduction. Throughout the survey, above open comment boxes, we remind respondents not to say anything that might identify themselves to people viewing reports. Clients can also use our moderation tools to remove sensitive comments (e.g. staff names) from comments before the comments are published to the reporting portal.

Configurable system features also ensure that people viewing reports cannot drill down so far into results that individual respondents can be identified.

SOME OF OUR FEATURES

(Please click on the features below to discover more about each one)

Data Capture

Dashboards

Reporting

Take Action

Question Sets

Patient Privacy and Security

Request access to our full security policy