We consider data security and privacy as very important. Our data security policy complies with the highest actual standards for the exchange of patient information. Below, we explain the security and accessibility policies implemented by biopsy.me.
In order to use the services of biopsy.me, you have to register on our platform by creating an account. After
entering the required registration information as a new user, you will be
able to access your user account immediately. The password is chosen by you directly as part of the registration process and is not sent to you by any
other means. The acceptable minimum
password length is 8 characters. We recommend that you use a strong password, including letters, cases, numbers, and non-alphanumerical characters to provide maximal protection.
Each time you login to the system you will be required to
authenticate your identity by entering your previously supplied e-mail
address and password. Upon successful login, you are issued a unique
“session id” (does not include any personally identifiable information)
which allows you to remain active as long as actions are performed in
the system. In case the session has timed out, you will be required to
re-enter your e-mail address and password. If an incorrect password is
supplied, or if you simply forget your password, you may need to
re-establish your identity following the instructions above. After an
undisclosed number of unsuccessful login attempts, you will be locked
out.
We use encryption technology to ensure the safe transmission of your information and documents when logged into the system. Your browser provides security by allowing us to use Secure Socket Layer (SSL) encryption up to 128-bit key length encryption when transmitting information and documents. The number of bits of secret key length varies between 40 and 128 depending on your browser’s capability. The highest available bit length is always used. All communication between your computer and SlideSpace is encrypted using SSL.
Biopsy.me uses the AWS (Amazon Web Services) platform to store and exchange patient data with the reviewing pathologist. AWS applies security best practices and manages
platform security using the highst standards. The AWS
platform inherently protects customers from threats by applying security
controls at every layer from physical to application, isolating
customer applications and data, and with its ability to rapidly deploy
security updates without customer interaction or service interruption.
For detailed information about the security policy of AWS see: https://aws.amazon.com/security.
AWS’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely. For additional information see: https://aws.amazon.com/security.
We take various measures to protect client and patient information while it is stored. All employees at biopsy.me and all doctors from its pathologists network are bound by a confidentiality and non-disclosure agreement prohibiting access to and dissemination of information. In addition, only the key administrators at biopsy.me have knowledge of the design and implementation of the security system.
In addition to client data, some personal information is stored in our databases and in browser cookies. For a complete list of what personal and demographic information is stored we refer to the Privacy Policy statement of biopsy.me.
Access to the patient's biopsy data and review by a pathologist is achieved using the SlideSpace platform facilitating pathologist interoperability. The SlideSpace application runs within its own isolated environment at the AWS platform and cannot interact with other applications or areas of the system. This restrictive operating environment is designed to prevent security and stability issues. These self-contained environments isolate processes, memory, and the file system using LXC while host-based firewalls restrict applications from establishing local network connections. For additional technical information see: https://aws.amazon.com/security.
Every change to your data is written to write-ahead logs, which are shipped to multi-datacenter, high-durability storage. In the unlikely event of unrecoverable hardware failure, these logs can be automatically ‘replayed’ to recover the database to within seconds of its last known state. Biopsy.me stores the last 7 day back-ups and 5 week back-ups.
Cookies and Privacy: This website uses cookies to improve your experience, analyze traffic, and avoid spam and abuse. By using the website, you agree to the biopsy.me Privacy and Cookie Policy.
