Security
eMed’s UK Information Security policy sets out eMed’s UK commitments and arrangements to ensure the security of internal, customer, patient and supplier information.
We take data security extremely seriously.
When you give us your data, you trust us to keep it secure. Any personal or sensitive information we hold about you is protected by strong encryption and held in our secure environment, protected with multiple layers of security controls.
Storing your data
We store all of your personal health data on secure servers. Health data includes your medical information (such as symptoms and treatment). Your data may be processed or stored via destinations outside the European Economic Area but always in accordance with data protection laws and subject to strict safeguards.
Protecting your data
We encrypt all data transmitted to and from the app, and use strict procedures and security features to try to prevent unauthorised access. Payments are processed via a third-party payment provider that is fully compliant with Payment Card Industry (PCI) data security standards.
Securing your data
We regularly test our servers to make sure our security controls are the best, and we work with industry-leading hosting partners to ensure our infrastructure is protected. Within the app, strong authentication and access controls are in place to protect clinical records and robust audit processes are in place to ensure data is accessed securely and appropriately.
To keep your data protected, please:
- Make sure you have a strong password
- Change your password frequently
- Keep your password safe and only use it for your eMed account.
Please take the time to read our Information Security Policy
This policy is an enabling mechanism for information sharing, for digital electronic operations and for reducing information-related risks to acceptable levels. This policy applies to all eMed UK entities, including Babylon Healthcare Services Limited. Setting and complying with the security requirements that form eMed’s UK Information Security Management System (ISMS) is essential to eMed’s UK commitment to safeguard our patients' well-being and privacy, our regulatory compliance position, the resilience of our services and, accordingly, our reputation.
Information and information security requirements are consistently aligned with eMed’s UK goals. Information security objectives are set annually by eMed’s UK CISO & Security Management Team, and adopted by executive management, in consultation with eMed's Global Clinical Services Integrated Governance Committee to ensure that we are able to determine the effectiveness of the information security measures we have in place.
Information Security is controlled through the preservation of:
- Confidentiality - ensuring that information is only accessible to those authorised to access it, thereby preventing both deliberate and accidental unauthorised access to eMed’s UK information.
- Integrity - safeguarding the accuracy and completeness of information and processing methods, which requires preventing deliberate or accidental, partial or complete, destruction or unauthorised modification of either physical assets or electronic data.
- Availability - information and associated assets should be accessible to authorised users when required.
In support of this Policy, eMed’s UK leadership are committed to:
- Manage and reduce information risk in an informed manner, with a program in place for regular risk review.
- Ensure compliance with all applicable legal and regulatory requirements, including Information Security Management System requirements. eMed UK must comply with all relevant data-related legislation in those jurisdictions within which it operates.
- Provide adequate information security resources to ensure efficient and effective security management, compliance and control performance.
- Ensure all staff are made aware of their security responsibilities, with mandatory security onboarding and annual refresher training.
- Ensure that appropriate architecture principles, business continuity processes, disaster recovery plans and data backups are in place to ensure infrastructure and product resilience and contingency.
- Provide appropriate resources and measures to ensure rapid and effective management and response to incidents that threaten the security or continued availability of assets, particularly critical systems and information.
- Continually improve eMed’s UK information security management system, through cross-functional security governance and internal and external audit.
Information security risk management is achieved through the use of a number of controls including policies, processes, procedures, software, and hardware functions. These controls are continually monitored, reviewed and improved to ensure that specific security and business objectives are met. These controls are operated in conjunction with other business management processes and incorporate industry best practices, taking into consideration the applicable statutory and contractual requirements. eMed UK continuously works to effectively operate and continually improve the security controls in order to:
- Take account of changes to business requirements and priorities.
- Consider new threats and vulnerabilities.
- Confirm that controls remain highly effective and appropriate.
Information security is everyone’s responsibility. All employees are empowered to identify any potential security weaknesses and incidents and report them through the appropriate management channels.