Information security overview
Security is at the core of Kaiku Health. Ensuring your data security and providing secure cloud services is paramount to us at Kaiku Health.
This is an overview of our information security that addresses the main concerns related to processing sensitive health information in a cloud service. Please contact us for a more detailed description of all the efforts we make to maintain the highest possible level of information security.
Kaiku Health is developed following modern industry best practices and standards
All employees are required to understand and follow internal security policies and practices. Information security training is included in the onboarding process, and it is regularly revisited. Employees have access only to the sensitive information needed to perform their duties.
All changes in the product are tracked and all code is checked into version-controlled repositories, providing complete traceability throughout the entire development and release process. Changes are required to go through peer review and thorough continuous automatic testing.
Our risk management process is compliant with the international standard ISO 14971, and our software development and maintenance processes are compliant with the IEC 62304 standard.
Kaiku Health is hosted in our secure cloud
Hosting Kaiku Health in our secure cloud is the easiest option. The data is stored on our professionally maintained servers that are located within the European Union. The service providers have been security-audited by external parties. The physical infrastructure is at least duplicated, including power supply and Internet connections. Firewalls and application-level access zones and control ensure that the data is safe.
All data is continuously backed up and stored encrypted in durable long-term data storage to ensure minimal data loss in the event of a disaster. The servers and backups are monitored with anomaly alerting.
All connections to and from Kaiku Health are secure
All connections, including connections between other systems and Kaiku Health, are strongly encrypted using TLS, allowing Kaiku Health to be used safely even over an open Wi-Fi network.
We guarantee high availability of Kaiku Health
Kaiku Health has a track record of 99.9% uptime and we intend to keep it this way.
Kaiku Health has complete and traceable logging
In order to comply with national and regional laws, Kaiku Health maintains a complete audit log of every action (who viewed what information and when).
The hospital and the patient own the data entered in Kaiku Health
All intellectual property rights to the personal health data entered in Kaiku Health by the medical staff or patients will remain the exclusive property of the hospital and the patient. The patients can easily export all their personal data from Kaiku Health. Access to data is granted only to those personnel whose work requires it. We also aim to find ways to use the accumulated, anonymized data for the benefit of research and development of better treatments in the future.
Kaiku Health is fully GDPR-compliant
Kaiku Health is fully compliant with the European General Data Protection Regulation (GDPR). We’ll help you create the necessary documentation to fulfill the requirements of the GDPR.