Microdoc Security Policy

1. Compliance and Standards

Microdoc adheres to industry-leading security and compliance standards, including:

• GDPR (General Data Protection Regulation) compliance for handling personal and medical data of EU users.
• HIPAA (Health Insurance Portability and Accountability Act) compliance for secure handling of patient health information.
• ISO 27001 best practices for information security management.
• HSE and NHS Guidelines for interoperability with healthcare systems in Ireland and the UK.

2. Data Protection and Encryption

• All data, including patient records and medical dictations, are encrypted in transit and at rest using industry-standard AES-256 encryption.
• We utilize secure TLS 1.3 protocols for all data transmissions.
• Sensitive user credentials are stored using hashed and salted encryption (bcrypt or Argon2).

3. Infrastructure Security

• Microdoc's servers are hosted on ISO 27001-certified cloud infrastructure, ensuring high availability and security.
• We employ firewalls, intrusion detection systems (IDS), and endpoint security monitoring to prevent unauthorized access.
• Regular penetration testing and vulnerability assessments are conducted to identify and mitigate risks.

4. Access Control and Authentication

• Multi-factor authentication (MFA) is enforced for all administrative and privileged accounts.
• Role-based access control (RBAC) ensures that only authorized personnel can access sensitive data.
• All access logs are monitored and reviewed for any suspicious activities.

5. Secure AI and Data Processing

• Microdoc's AI-powered dictation services follow strict data anonymization protocols to protect patient privacy.
• No patient data is used for model training unless explicitly authorized.
• All AI interactions are logged and monitored for security and compliance purposes.

6. Incident Response and Monitoring

Microdoc has a dedicated security team that monitors threats and responds to incidents 24/7.

In case of a data breach, we follow a rapid incident response plan, which includes:

• Immediate containment and investigation.
• Notification to affected users and regulatory bodies as required by law.
• Root cause analysis and remediation to prevent future incidents.

7. Secure Integrations with Healthcare Systems

• Microdoc supports secure API-based integrations with hospital and clinic systems, ensuring interoperability while maintaining data privacy.
• HL7 and FHIR standards are followed for seamless electronic health record (EHR) exchange.
• Third-party vendors and integrations undergo rigorous security and compliance vetting before being implemented.

8. User Data Control & Transparency

• Users have full control over their data, with the ability to export, delete, or modify records as needed.
• We maintain a clear and transparent audit trail of all data interactions.
• Regular security and privacy audits ensure compliance with best practices and regulations.

9. Employee Security Training & Awareness

• All Microdoc employees undergo regular cybersecurity training and must comply with strict security protocols.
• Internal policies include zero-trust principles, requiring verification at every access point.
• Access to sensitive data is granted only on a need-to-know basis.

10. Continuous Improvement & Contact

Security is an ongoing process at Microdoc. We continuously monitor emerging threats and adapt our security measures accordingly.

If you have any security concerns or inquiries, please contact our Security Team at security@microdoc.io.