Committed to security and compliance
MedAdvisor is keenly committed to the protection of customer information through a comprehensive information security program. Our Information Security Management System has been certified as compliant with ISO 27001, the global gold standard for information security management. We know that guardianship of health information requires the most stringent privacy and security standards and have forged our program on the foundations of the Australian Privacy Principles, the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).
MedAdvisor employs a “Privacy by Design” framework across all system development and deployment to ensure full integration of privacy requirements, including data minimization and anonymization where feasible.
As part of MedAdvisor’s mission to simplify medication management and improve health outcomes, aggregated and anonymized data may be shared with third parties, for example to enable patients to receive communications about the medications they have been prescribed.
All data is encrypted using AES-256 encryption, one of the strongest block ciphers available.
MedAdvisor’s platform is hosted within your region and all data is continuously replicated across multiple availability zones to ensure maximum availability of services.
MedAdvisor uses data in a fair and lawful way, as expressly authorized by our terms and conditions and where the patient provides their consent. We also analyze aggregated and anonymized data to help improve health outcomes for people around the world, including to enable communications with patients about their prescribed medications. Aggregate data analysis enables us to provide programs which directly benefit pharmacies and patients.
We use aggregated and anonymized data to improve medication adherence and health outcomes for people around the world.
As part of MedAdvisor’s commitment to maintain compliance with HIPAA, GDPR, and the APP, all access to customer data is maintained in accordance with least privilege. Only MedAdvisor employees and approved third-party users with a valid business need are granted access, and only for the limited purpose and period of time needed for the business use. MedAdvisor performs privacy impact assessments and regularly audits access records to ensure that access is lawful and strictly limited to least privilege at all times.
Yes, as part of maintaining our ISO 27001 certification, our Information Security Management System, inclusive of all information security controls related to the delivery of MedAdvisor Services, undergoes an independent audit on a minimum annual basis. We also test for system vulnerabilities through periodic third-party penetration testing.