New SDK Release: Build secure medical apps faster with our tools for EHRs, devices, and patient-doctor solutions. Explore CardinalSDK

Hoofdmenu
Producten
Cardinal Backend & SDK Cardinal Data Exchange Module Cardinal Free Health Connector Gebruikscases
Nieuws
Neem contact op
Back to blog

February 20, 2024

Healing the Trust Gap: Rebuilding Confidence in MedTech and Healthcare

post illustration

Imagine letting an algorithm diagnose your illness or entrusting a robot with your surgery.

Sounds futuristic, right?

But that’s the reality shaping up in healthcare, powered by a wave of medtech innovations. Yet, along with these advancements, one fundamental question remains: can we trust them?

Trust isn’t just a doctor’s warm smile or a reassuring pat on the shoulder — it’s the very oxygen that keeps medical progress alive. It fuels our willingness to embrace new technologies, knowing they’ll do more good than harm. But today, with data becoming the lifeblood of healthcare, the equation has shifted. Technology, like the EHRs storing our medical secrets, is now part of the equation. Privacy and security concerns have become woven into the fabric of trust, demanding a deeper understanding of what fosters it and how to nurture it in this ever-evolving landscape.

This article embarks on a journey to dissect the DNA of trust in MedTech. We’ll dive into the factors that influence our decisions, from transparency to proven effectiveness.

Ultimately, we aim to illuminate the critical role trust plays in shaping the future of healthcare, where humanity and innovation coexist in a harmonious dance.

Ready to dive into the heart of trust in MedTech? Buckle up, it’s going to be a fascinating exploration!

Trust: The Tightrope Walk of Progress in Healthcare’s Digital Revolution

Healthcare data.

A treasure trove of personal information, holding the key to diagnosis, treatment, and sometimes, even life itself. But like any prized possession, trust in its security, accessibility, and truth forms the bedrock of its value. Is it Fort Knox for your health or a leaky sieve waiting to spill?

Let’s dive into the data labyrinth and the trust concerns that twist through it.

First, the fortress walls: Data security. Breaches are the boogeymen of our digital age, and healthcare data, brimming with vulnerability, is a prime target. Can we truly trust it’s shielded from prying eyes and malicious hands? This foundation of trust in MedTech must be rock-solid for patients to share their most sensitive details.

Next, the access dilemma: Accessibility. Imagine needing your medical history at a new doctor’s, but it’s locked away, inaccessible. It’s a frustrating reality for many. Who can see our data, and who can’t? Striking the balance between confidentiality and necessary access is key to building trust.

Now, the truth test: Data quality. Inaccurate data is worse than no data at all. Imagine a misdiagnosis based on faulty information. Is the data accurate, complete, and understandable? The lack of a central auditing body raises a red flag, highlighting the crucial need for data integrity.

Now, the rabbit hole deepens. Data authenticity throws another wrench in the works. Is the information truly mine? Imagine presenting your ID in an emergency, only to have it lead to a frustrating maze of merging records. Even patient identification, seemingly simple, becomes a complex dance.

Next, there’s the control conundrum. Who holds the reins of our data?

Patients and practitioners alike often feel adrift in a sea of uncertainty. Who ultimately governs access? Trust requires transparency and understanding, something currently lacking in this data ecosystem.

NHS & Palantir: A Dance with Data Dilemmas and Patient Trust

The NHS, the beating heart of healthcare in the UK, has partnered with a controversial dance partner: Palantir, a tech giant known more for intelligence work than doctor's visits. This £330 million tango has sparked a fiery debate, igniting concerns about patient privacy and the delicate balance between progress and trust.

Palantir`s past throws a long shadow. Whispers of its involvement in surveillance and human rights issues raise eyebrows and send shivers down spines. Can we truly trust them with the treasure trove of sensitive data that is our health information?

The NHS assures us it's built Fort Knox for our data, promising stringent security and ironclad control. But trust, like a fragile butterfly, takes flight easily. And here's the kicker: patients can't even say no to their data waltzing into Palantir's system. This opt-out limbo fuels the fire, leaving many asking: is this an ethical way to handle healthcare in the digital age?

This isn't just about ones and zeros; it's about the human equation. When it comes to our health, trust is the oxygen that keeps us going. Can the NHS and Palantir find a rhythm that respects privacy, promotes transparency, and ultimately, earns the trust of the patients they serve? Only time will tell if this data dance leads to a healthier future or ends in a privacy pirouette that leaves everyone dizzy and disoriented.

The spotlight is on, the music is playing, and the world is watching. Will this be a graceful collaboration or a misstep in the ethical handling of healthcare data? The answer lies in the trust they build, one transparent step at a time.

The journey through healthcare data isn’t just about numbers and systems; it’s about trust, the delicate thread woven between patients, providers, and technology.

Addressing these concerns, building robust security, ensuring accessibility, and guaranteeing data quality is the vital path to forging trust in MedTech in the digital age of healthcare. Only then can we unlock the true potential of data, not just for progress but for a future where transparency and trust go hand in hand.

Paper to Pixels: The Data Dance in Healthcare’s Digital Revolution

Remember the days of dusty files and indecipherable scribbles? Healthcare has traded them in for sleek screens and digital records, a revolution with two sides to its shiny coin. On one hand, information dances freely, flowing from doctor to doctor, fueling better care and smoother diagnoses. EHRs hold our medical history like digital vaults, accessible, organized, and error-free, leading to informed decisions and improved outcomes.

But where convenience waltzes in, security concerns come onto the scene. These precious records, brimming with personal details, become targets for breaches, leaks, and cyberattacks. A breach of trust can have severe consequences, shaking the very foundation of healthcare – confidentiality.

Doctolib's Data Hiccup: A Glitch in Trust and Transparency

Doctolib, the French healthcare appointment platform, stumbled recently, losing thousands of medical records in a digital disappearing act. This technical glitch, like a magician's failed trick, left patients confused and frustrated. While the platform claims the data is recoverable, a cloud of mistrust lingers, fueled by concerns over Doctolib's response.

Unlike a malicious hacker, this was a software bug, a piece of code gone rogue. But trust isn't built on code alone. Transparency is the key that unlocks understanding. Doctolib's response, perceived as delayed and insufficient, left patients feeling like bystanders in their own healthcare narrative. Clear communication, timely updates, and proactive problem-solving are essential to rebuilding trust after a stumble.

This incident isn't just a local hiccup; it's a global reminder. As healthcare embraces technology, data protection can't be an afterthought. Transparency must be woven into the fabric of every platform and every interaction. Only then can we ensure that when we trust our health to the digital realm, it's not a leap of faith but a confident step forward.

Doctolib's glitch may be fixed, but the road to regaining trust requires more than just restored records. It demands a commitment to data security, transparency, and open communication – the cornerstones of a truly healthy digital healthcare ecosystem.

Countries around the world are grappling with this digital dilemma, each with their own steps on this data dance floor. Regulations and practices vary, reflecting legal, cultural, and ethical norms. Some, like Switzerland, lead the way with cutting-edge encryption, shielding data within its vault and granting access only to the chosen few. This approach places trust at the core, trusting not just the people but the technology itself.

Their example shines a light on the path forward: robust cybersecurity needs to be more than just fancy footwork. Clear guidelines for access and handling are essential, and innovation must keep pace with the ever-evolving threats.

But this dance requires more than just tech steps. Doctors and healthcare professionals need to be trained in the language of digital data and understand the risks and responsibilities. Patients, too, must be informed partners, aware of how their information is used and protected. Only then can trust truly take center stage.

The transformation isn’t just about pixels and paper; it’s about a cultural shift. As we navigate this digital dilemma, let’s remember: trust is the rhythm that keeps us moving forward, ensuring healthcare’s dance with technology leads to a healthier future for all.

Data Dilemmas & Patient Power: Striking the Right Chord in Healthcare’s Digital Age

Handing the reins of your health to the digital realm? Sounds empowering, right? But with power comes responsibility, and healthcare data raises some key questions: Who gets to see your medical files? Is it just your doctor, or is it an orchestra of unknown players? This complex melody leads us to a deeper question: Can we truly be empowered patients if trust in the doctor-patient dance is out of tune?

In the digital world, access to your health records is like a VIP backstage pass, guarded by intricate permissions and protocols. But whispers of unauthorized sharing linger, casting shadows on intentions and ethics. It’s a reminder that robust governance and clear ethical guidelines are the bodyguards of patient privacy and trust in this digital healthcare show.

Data Breach Blues: Concentra Joins the Chorus of Millions Exposed

Remember that nagging feeling when your medical records go digital? Concentra, a healthcare provider in Texas, knows it all too well. Their medical transcription partner, PJ&A, hit a sour note with a cyberattack, exposing the sensitive health information of almost 9 million patients. And Concentra just added their own 3.9 million voices to the chorus of the largest healthcare data breach of 2023.

This digital nightmare started at PJ&A, where hackers allegedly waltzed in and swiped patient data between March and May 2023. Names, addresses, diagnoses, treatment details – a treasure trove of personal information left vulnerable. PJ&A reported the breach, but like a song stuck on repeat, some clients, including Concentra, decided to raise their own alarms.

Concentra`s confirmation in January 2024 brought the total affected to a staggering 14 million. But the melody of concern isn't over yet. PJ&A hasn't revealed the full list of exposed clients or the total number of compromised records, leaving a shroud of uncertainty hanging over healthcare providers and patients alike.

This data breach blues has spilled over into the courtroom, with at least 40 lawsuits already filed against PJ&A.

This data breach isn't just a statistic; it's a reminder of the delicate trust we place in healthcare providers and the digital systems they use.

As the digital revolution marches on, ensuring data security needs to be more than just a backup singer; it needs to be the lead vocalist, belting out its importance loud and clear. Only then can we rewrite the lyrics of healthcare data breaches and compose a future where trust and security are harmonious companions. Let's hope the melody changes, and soon, to a chorus of robust security and unwavering patient trust.

Often, the developers behind our health apps take center stage, assuring us, “Don’t trust us, we don’t have your data!” While comforting, this shifts the responsibility onto our shoulders – becoming data management maestros ourselves. * Empowerment* in this context means equipping us with the tools and knowledge to make informed decisions about our health information.

But here’s the rub: digital literacy varies like the notes on a scale. Not everyone can decipher the complex medical jargon or navigate the intricacies of data-sharing policies.

Healthcare systems must become orchestra conductors, crafting accessible and user-friendly platforms where understanding and control are within reach. Imagine clear explanations, like song lyrics, and easy ways to grant or revoke access, like raising or lowering the volume.

Ultimately, striking the right chord in this digital symphony requires more than just technology.

It’s about empowering patients with knowledge, respecting their autonomy, and building trust through transparency and ethical practices. Only then can we truly harmonize the power of patient data with the melody of a healthier future for all — because healthcare’s digital revolution isn’t just about screens and data; it’s about ensuring every patient has the power to sing their own health song, loud and clear.

New York Raises the Cybersecurity Shield: Hospitals on Guard!

Remember those chilling headlines about cyberattacks crippling hospitals, delaying care, and jeopardizing patient safety? New York State isn't just reading them, they're rewriting the narrative. They're raising the cybersecurity shield, proposing tighter regulations for hospitals, determined to safeguard healthcare from the digital shadows.

The state has seen enough disruption, enough delays, and enough risks. So, what's on the script?

New York hospitals will need to beef up their IT security. Appointing a Chief Information Security Officer is now mandatory. But just having a leader isn't enough. They need an arsenal of tools: defensive infrastructure, multifactor authentication (like double-locking your doors), and regular risk assessments to spot vulnerabilities before they become attack vectors. Developing in-house apps? Secure code becomes your mantra. And when it comes to third-party software, stringent testing becomes the norm. Think of it as vetting your digital allies before letting them access your sensitive data.

But what if the worst happens? A cyberattack strikes. New York hospitals will need incident response plans, the pre-written scripts for this digital drama.

Building a robust cybersecurity culture is the ultimate goal. New York is raising the bar, and other states might just follow suit. Only when security becomes that essential, can we ensure hospitals are fortresses, not targets, and patients receive the care they deserve, uninterrupted and uncompromised.

Data control is just the first verse in the song of patient empowerment in healthcare. We need a full-fledged symphony, where patients hold the baton, conducting their treatment plans, decision-making, and even the development of healthcare technologies.

Imagine this: patients as co-creators, their voices shaping the services and technologies that impact their lives. This isn’t just wishful thinking; it’s the key to ensuring healthcare truly plays a melody in tune with the needs and preferences of those it serves.

But the instruments of empowerment need tuning, too.

Legal frameworks and policies must uphold patient rights in this digital healthcare orchestra. Consent for sharing that data must be informed and deliberate, not a mumbled agreement in the background. And what about accessing one’s own health information? That solo shouldn’t be drowned out by technical complexities.

The grand finale? A healthcare environment where patients feel like the maestros of their own health. Confidence and control over their data, yes, but also the assurance that it’s used responsibly and ethically to improve outcomes. This isn’t just about protecting individual notes; it’s about crafting a symphony of trust, collaboration, and participation.

In the digital age of healthcare, patients aren’t passive listeners; they’re active participants. Empowering them isn’t just the right thing to do; it’s the key to composing a healthcare future where everyone benefits, patients and providers alike. Let the music of patient empowerment play on, loud and clear!

Tech Tune-Up: Building Trust & Confidence in Healthcare's Digital Symphony

Technology is tapping its foot, eager to join the healthcare orchestra, but some patients are hesitant to take the stage. A new report by NHS Confederation and Google Health reveals the key notes needed to harmonize this digital melody: trust and confidence.

While the report finds widespread acceptance of health tech's potential, concerns about data privacy linger like a discordant note. 59% of patients worry about their information staying private, highlighting the need for clear communication and robust safeguards.

But trust isn't just about data; it's about empowerment. Many, especially older adults, lack the confidence to use these digital tools. Here's where healthcare professionals and technology providers step in as the conductors, guiding and training patients to navigate the tech landscape.

The report paints a fascinating picture of age-related preferences. Younger generations see tech as an empowering tool, with 68% of 18-25 year-olds feeling confident about it, compared to only 48% of those over 55. This digital divide, coupled with lower tech usage among older adults, underscores the risk of exclusion.

So, let's turn up the volume on communication, education, and accessibility. Let's make sure the digital revolution in healthcare isn't just about the latest tech; it's about empowering everyone to take control of their health and join the harmonious melody of well-being.

Building MedTech Trust: A Symphony of Transparency, Ethics & Education

The melody of healthcare got a new instrument: Medical Technology. But will it harmonize with patients or leave them on a sour note? Trust is the key chord, and its composition requires careful attention.

Imagine patients no longer just listening to diagnoses but actively engaging in decision-making. This empowered audience demands transparency.

Clear communication about how MedTech works, its benefits and risks, becomes essential. Demystifying the complex tech fighting fear and misconceptions, is the secret sauce for building this trust.

But transparency isn’t a solo act. Healthcare providers need to be well-versed in this new technology and able to offer informed advice and the best care. Ongoing training and education are their instruments, ensuring they can play their part flawlessly in the healthcare symphony.

Now, let’s talk about the ethical considerations, the quiet undertones that hold everything together. AI and data handling are sensitive notes demanding meticulous attention.

Patients entrust their personal information, expecting privacy and security. A data breach or misuse can shatter trust like a dropped cymbal. Strict ethical guidelines and robust security measures are the essential safeguards, ensuring every note rings true.

Trust in healthcare and MedTech isn’t a single melody but a complex symphony. The technology’s reliability sets the baseline, while transparent communication, ethical practices, and continuous education weave the harmony. Only by nurturing this trust can we ensure the seamless integration of technology, empower patients, and compose a future where the best patient outcomes are the grand finale.

So let the symphony begin! Let’s play the notes of trust, transparency, and ethics loud and clear, ensuring healthcare’s digital revolution leads to a future where technology and patients find perfect harmony.

Back

Terms of use

www.iCure.com

1. RECITALS

ICure SA is incorporated in Geneva, Switzerland, with a registered office at Rue de la Fontaine 7, 1211 Geneva, Switzerland registered in the commercial registry under CHE-270.492.477 (“iCure”).

These Terms of Use constitute a legally binding agreement made between you, whether personally or on behalf of an entity (“you”) and iCure SA (“we,” “us” or “our”), concerning your access to and use of the https://www.icure.com website as well as any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “Website”).

When you accept, these Terms form a legally binding agreement between you and iCure. If you are entering into these Terms on behalf of an entity, such as your employer or the company you work for, you represent that you have the legal authority to bind that entity.

PLEASE READ THESE TERMS CAREFULLY. BY REGISTERING FOR, ACCESSING, BROWSING, AND/OR OTHERWISE USING THE iCURE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS. IF YOU DO NOT AGREE TO BE BOUND BY THESE TERMS, DO NOT ACCESS, BROWSE, OR OTHERWISE USE THE ICURE WEBSITE.

iCure may, in its sole discretion, elect to suspend or terminate access to, or use of the iCure to anyone who violates these Terms.

All users who are minors in the jurisdiction in which they reside (generally under the age of 18) must have the permission of, and be directly supervised by, their parent or guardian to use the Website. If you are a minor, you must have your parent or guardian read and agree to these Terms of Use prior to you using the Website.

The original language of these Terms and Use is English. In case of other translations provided by iCure, the English version shall prevail.

2. INTELLECTUAL PROPERTY RIGHTS

The Content of the documentation stated on this Website is ours. All Marks, Content that concern iCure cannot be copied, reproduced, aggregated, republished, uploaded, posted, publicly displayed, encoded, translated, transmitted, distributed, sold, licensed, or otherwise exploited for any commercial purpose whatsoever, without our express prior written permission.

Provided that you are eligible to use the Website, you are granted a limited license to access and use the Website and to download or print a copy of any portion of the Content to which you have properly gained access solely for your personal, non-commercial use. We reserve all rights not expressly granted to you in and to the Website, the Content, and the Marks.

3. USER REPRESENTATIONS

By using the Website, you represent and warrant that:

  1. All registration information you submit will be true, accurate, current, and complete; you will maintain the accuracy of such information and promptly update such registration information as necessary.
  2. You have the legal capacity, and you agree to comply with these Terms of Use.
  3. You are not under the age of 13.
  4. Not a minor in the jurisdiction in which you reside, or if a minor, you have received parental permission to use the Website.
  5. You will not access the Website through automated or non-human means, whether through a bot, script, or otherwise.
  6. You will not use the Website for any illegal or unauthorized purpose.
  7. Your use of the Website will not violate any applicable law or regulation.

4. PROHIBITED ACTIVITIES

You may not access or use the Website for any purpose other than that for which we make the Website available. The Website may not be used in connection with any commercial endeavors except those that are specifically endorsed or approved between you and iCure.

As a user of the Website, you agree not to:

  1. Publishing any Website material in any other media.
  2. Selling, sublicensing, and or otherwise commercializing any Website material.
  3. Publicly performing and or showing any Website material.
  4. Using this Website in any way that is or may be damaging to this Website.
  5. Using this Website in any way that impacts user access to this Website.
  6. Using this Website contrary to applicable laws and regulations, or in any way may cause harm to the Website, or to any person or business entity.
  7. Engaging in any data mining, data harvesting, data extracting, or any other similar activity in relation to this Website.
  8. Using this Website to engage in any advertising or marketing.

5. NO WARRANTIES

This Website is provided “as is,” with all faults, and iCure expresses no representations or warranties, of any kind related to this Website or the materials contained on this Website. Also, nothing contained on this Website shall be interpreted as advising you.

6. LIMITATION OF LIABILITY

In no event shall iCure, nor any of its officers, directors, and employees shall be held liable for anything arising out of or in any way connected with your use of this Website whether such liability is under this agreement. iCure, including its officers, directors, and employees shall not be held liable for any indirect, consequential, or special liability arising out of or in any way related to your use of this Website.

7. INDEMNIFICATION

You hereby fully indemnify iCure from and against any and/or all liabilities, costs, demands, causes of action, damages, and expenses arising in any way related to your breach of any of the provisions of these Terms.

8. SEVERABILITY

If any provision of these Terms is found to be invalid under any applicable law, such provisions shall be deleted without affecting the remaining provisions herein.

9. VARIATION OF TERMS

iCure is permitted to revise these Terms at any time as it sees fit, and by using this Website you are expected to review these Terms on a regular basis.

10. ASSIGNMENT

iCure is allowed to assign, transfer, and subcontract its rights and/or obligations under these Terms without any notification. However, you are not allowed to assign, transfer, or subcontract any of your rights and/or obligations under these Terms.

11. ENTIRE AGREEMENT

These Terms constitute the entire agreement between iCure and you in relation to your use of this Website and supersede all prior agreements and understandings.

12. GOVERNING LAW & JURISDICTION

These Terms shall be governed by and construed in accordance with the laws of Switzerland, without regard to its conflict of law provisions.

The parties shall attempt to solve the matter amicably in mutual negotiations. In case of a non-amicable settlement that has been found between the parties, the Court of Geneva will be competent.

13. PRIVACY

Please refer to our Privacy Policy and Cookie Notice for the Data that we collected from the contact form and the Matomo cookie.

IMAGE ATTRIBUTION

In the development of our website, we have incorporated various icons to enhance visual appeal and convey information effectively. We extend our sincere appreciation to the talented designers and contributors who have generously shared their work with the community. Below is an acknowledgment of the resources we have utilized:

SVG Repo: A repository SVG icons. We integrated their icons into our website. Specifically:

  1. Work by author vmware, Key Badged SVG Vector under MIT License
  2. Work by author Twitter, Cloud SVG Vector under MIT License
  3. Work by author Garuda Technology, Node Js SVG Vector and React SVG Vector under MIT License

Thanks to the authors who contributed to the: SVGRepo, Unsplash, Maxipanels community.

iCure features logos from various products, libraries, technologies, and frameworks that our project interacts with. It is important to note that iCure does not hold any proprietary rights to these logos or the products they represent.

iCure SA

Contact: contact@icure.com

Last update: February 20th, 2024.

Information Security Policy

www.iCure.com

1. Introduction

The iCure universe is built on trust. Guaranteeing the confidentiality of the data that are entrusted to us is our highest priority.

The Information Security Policy of iCure abstracts the security concept that permeates every activity and abides by the ISO 27001:2013 requirements for Information Security, so that we ensure the security of the data that iCure and its clients manage.

Every employee, contractor, consultant, supplier and client of iCure is bound by our Information Security Policy.

2. Our Policy

iCure is committed to protecting the confidentiality, integrity and availability of the service it provides and the data it manages. iCure also considers protecting the privacy of its employees, partners, suppliers, clients and their customers as a fundamental security aspect.

iCure complies with all applicable laws and regulations regarding the protection of information assets and voluntarily commits itself to the provisions of the ISO 27001:2013.

3. Information Security Definitions

Confidentiality refers to iCure’s ability to protect information against disclosure. Attacks, such as network reconnaissance, database breaches or electronic eavesdropping or inadvertent information revealing through poor practices.

Integrity is about ensuring that information is not tampered with during or after submission. Data integrity can be compromised by accident or on purpose, by evading intrusion detection or changing file configurations to allow unwanted access.

Availability requires organizations to have up-and-running systems, networks, and applications to guarantee authorized users’ access to information without any interruption or waiting. The nature of data entrusted to us requires a higher-than-average availability.

Privacy is the right of individuals to control the collection, use, and disclosure of their personal information. Our privacy policies are based on the GDPR(https://gdpr-info.eu/) and can be augmented by added requirements of specific clients or law areas.

4. Risk Assessment

The main threats iCure is facing as a company are:

  1. Data Theft;
  2. Data Deletion;
  3. Denial of Service attacks;
  4. Malware;
  5. Blackmail and Extortion.

As providers of a solution used by developers active in Healthcare, we also have to anticipate the risks of:

  1. Attacks on our clients’ data, which could lead to major social damages and a loss of trust in our solution;
  2. Abuse of our solution by ill-intentioned clients, that could impact the quality of the service provided to the rest of our clients.

The motivation of the attackers in the latter cases can range from financial gain to political or ideological motivations.

A last risk is linked to the nature of the healthcare data we handle. We must ensure, that the data we handle are not used for purposes other than those for which they were collected:

A piece of data collected from a patient for the purpose of a medical consultation should not be available to third parties, not even a government agency.

5. Risk Management

The main principles we apply to manage the risks we face are:

  1. Confidentiality by design: All sensitive data is encrypted end-to-end before being stored in our databases. We do not have any access to the data we store. Our client’s customers are the only ones who can decrypt the data we store.
  2. Anonymization by design: Healthcare information that has to be stored unencrypted is always anonymized using end-to-end encryption scheme. This means that the link between the healthcare and administrative information must be encrypted.

Those two principles allow us to minimize the risks of data theft, blackmail, extortion, and coercion by government agency.

  1. Multiple real-time replicas, with automatic failover: We use a distributed database architecture to ensure that our data is available at all times. We use a master-master architecture, each data is replicated at least 3 times. Snapshots are taken every day to ensure that we can restore the data in case of a malevolent deletion event.
  2. Automatic password rotations: no single password can be used for more than 48 hours. Passwords are automatically rotated every 24 hours. In case of a password leak, we can limit the window of opportunity for an attack.

Those two principles allow us to minimise the risks of data deletion, denial of service attacks, and malware.

  1. Minimization of the attack surface: we deploy our systems in the most minimal way. We only expose the network services that are strictly necessary.
  2. Strict dependency management: we only use open-source software that is regularly updated and audited by the community. We favor dependency management software and providers that minimize the risk of supply chain poisoning.

Those two principles allow iCure to minimise the risks of intrusion by vulnerability exploit or supply chain attacks, two risks that could lead to data theft or data deletion.

6. Further Information

This policy is valid as of November 10th, 2022. For futher information please connect with us at privacy@icure.com

Impressum

iCure SA

Place de la Bourse-aux-Fleurs 2, Case postale 45, 1022 Chavannes-près-Renens, Switzerland

CHE-270.492.477

Website: https://icure.com/

Contact email: client@icure.com

Privacy request: privacy@icure.com

cookie

Deze website gebruikt cookies

We gebruiken slechts één cookie-applicatie voor intern onderzoek naar hoe we onze service voor alle gebruikers kunnen verbeteren. Het heet Matomo en slaat de informatie geanonimiseerd en voor beperkte tijd op in Europa. Voor meer details verwijzen we u naar onze Privacybeleid en .

Cookie Notice

www.iCure.com

1. Cookies basic information

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology (for further information, visit allaboutcookies.org.)

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

2. Types of cookies

Types of cookies depending on the organisation managing them:

Own cookies: these cookies are sent to the user’s terminal from a computer or domain managed by the owner of the website from which the service requested by the user is provided.

Third-party cookies: these cookies are sent to the user’s terminal from a computer or domain not managed by the owner of the website from which the service requested by the user is provided, but by another organisation that processes the data obtained through the cookies. In addition, if the cookies are installed from a computer or domain managed by the Website owner but the information collected by them is managed by a third party, they will also be considered third-party cookies.

Types of cookies according to the length of time they remain active:

Session cookies: these cookies are designed to collect and store data when the user accesses a website. They are generally used to store information that only needs to be kept for the provision of the service requested by the user on a single occasion (for example, a list of products bought) and disappear when the user logs off or ends the session.

Persistent cookies: with these cookies, the data continue to be stored in the terminal and may be accessed and processed for a period defined by the person/entity responsible for the cookie, which may range from a few minutes to several years.

3. How and what cookies do we use

Strictly necessary/ functional cookies (these cookies are Mandatory): are essential to help you move around a website and use its features. They don’t collect information that identifies a visitor.

Analytical cookies (with your consent): collect information about how visitors use a website and help website owners improve site performance. They don’t collect information that identifies a visitor.

4. Cookies used on our website

Our web analytics open-source program, Matomo, uses two types of cookies for analyzing page usage: a session cookie ("MATOMO_SESSID") that lasts for 30 minutes and a persistent cookie ("_pk_id.xxx") that remains beyond the browsing session, allowing anonymous tracking of website usage for up to 13 months (without collecting personal information). Matomo temporarily stores user data, including IP addresses, on our server in anonymized form for evaluation before deletion. This data is solely used for our personnal analysis, with no sharing with third parties.

  • Host: Matomo
  • Cookie name: MATOMO_SESSID
  • Expiration: Session 30 min

  • Host: Matomo
  • Cookie name: _pk_id.xxx
  • Expiration: 13 months

For the purposes of analyzing website usage and to optimize its services. The legal basis for the use of Matomo is Article 6, 1 (a) of the GDPR (consent).

5. Users preference

The user can, at any time, allow, block or delete the cookies installed on his/her device by changing the settings on the browser installed on his/her computer:

  • Chrome Chrome Settings -> Advanced -> Privacy -> Content settings. For more information, consult Google support or your browser Help.
  • Explorer or Edge: Tools -> Internet options -> Privacy -> Settings. For more information, consult Microsoft support or your browser Help.
  • Firefox Firefox: Tools – > Options -> Privacy -> History -> Customised Settings. For more information, consult Mozilla support or your browser Help
  • Safari Safari Preferences -> Security. For more information, consult Apple support or your browser Help.
  • You will not access the Website through automated or non-human means, whether through a bot, script, or otherwise.
  • You will not use the Website for any illegal or unauthorized purpose.
  • Your use of the Website will not violate any applicable law or regulation.

6. Withdrawing consent

The user may withdraw his/her consent relating to the Cookies Policy at any time, and may delete the cookies stored on his/her device by adjusting his/her internet browser settings, as described above.

7. Cookie settings

This Cookies Policy may be modified when required by the legislation in force at any time or when there is a change in the type of cookies used on the website. For this reason, we recommend that you review this policy every time you access our website so that you are appropriately informed of how and why we use cookies.

8. Contact

Please contact us with any questions or comments about this Policy, your Personal Data, and our use and disclosure practices by email at privacy@icure.com

iCure SA

Contact: contact@icure.com

Last update: September 13th, 2023

Quality Policy

www.iCure.com

At iCure SA, we are committed to excellence in all aspects of our work. Our quality policy is designed to provide a framework for measuring and improving our performance within the QMS.

1. Purpose of the Organization

The purpose of the QMS is to ensure consistent quality in the design, development, production, installation, and delivery of Data processing, security, archival, technical support and protection solutions for medical device software, while ensuring we meet customer and regulatory requirements. The document applies to all documentation and activities within the QMS. Users of this document are members of the iCure Management Team involved in the processes covered by the scope.

2. Compliance and Effectiveness

We are committed to complying with all applicable regulatory and statutory requirements, including ISO 13485: 2016 and ISO 27001:2013. We strive to maintain and continually improve the effectiveness of our quality management system.

3. Quality Objectives

Our quality objectives are set within the framework of this policy and as defined by our Software Development Lifecycle and are reviewed regularly to ensure they align with our business goals. These objectives serve as benchmarks for measuring our performance and guide our decision-making processes.

4. Communication

We ensure that our quality policy is communicated and understood at all levels of the organization. We encourage every member of our team to uphold these standards in their daily work whether they are employees, contractors, consultants, suppliers, clients or any other person involved in building our medical data management software.

5. Continuing Suitability

We regularly review our quality policy to ensure it remains suitable for our organization. This includes considering new regulatory requirements, feedback from customers, and changes in our business environment. By adhering to this policy, we aim to enhance customer satisfaction, improve our performance, and contribute to the advancement of medical technology

iCure SA

Contact: contact@icure.com

Last update: April 17th, 2024