Knowledge Base for Investigators

Searching for patient related article? Navigate to the 
Knowledge Base for Patients

inCytes™ Data Breach Policy

Introduction

RegenMed provides Licensees with data processing services, including the ability to enter, store and access Personal Information about themselves and their Patients. RegenMed uses Amazon Web Services “AWS” as a sub-processor to store, pseudonymize and encrypt Personal Information.

Data breaches are an unfortunate problem affecting organizations of all sizes and are equally varied in type, format, and severity. This policy, which incorporates the AWS Service Terms, describes RegenMed’s role, responsibilities, and capabilities in helping its Licensee’s prevent, identify and report data breaches.

Definitions

As defined within the inCytes™ License Agreement.

Roles

The inCytes™ Security Team comprises:

The inCytes™ Security Team is responsible for the design, implementation and adjustments to this policy over time, including:

Technical and Organizational Security Methods

As described in the AWS Service Terms, and further detailed within the GDPR Addendum, AWS has implemented numerous technical and organizational methods to secure Personal Information processing. RegenMed’s use of AWS as a subprocessor incorporates these measures into its own application, including:

In addition, RegenMed has elected to implement numerous additional security measures to support further Personal Information processing protection within its Architecture, including

Data Breaches

Data breaches may still occur and can be caused by a number of possible, unpredictable, and/or uncontrollable factors, including:

Human Error

  1. Loss of device with an open session;
  2. Disclosure of Personal Information through unauthorized channels;
  3. Sharing Login information with the wrong recipient;
  4. Exporting Personal Information and improperly handling exported version;
  5. Improper disposal.

Malicious Activity

  1. Hacking and brute force entry;
  2. Theft of devices with open sessions;
  3. Scams which phish for login information or Personal Information.

Server/Computer Error

  1. Application Bugs;
  2. Failure of Cloud Services, including authentication, data entry, or reporting;
  3. Loss of internet.

Data Breach Reporting

Data Breaches observed by AWS are obligated, under the AWS Service Terms, to be reported to the inCytes™ Security Team without undue delay.

Data Breaches observed by RegenMed Staff, Licensees, or other external parties are collected via email at security@rgnmed.com.

inCytes™ Security Team will notify the Sponsor of a Data Breach without undue delay after becoming aware of the Data Breach, and provide the following if known:

  1. The nature and type of the Data Breach breach;
  2. The Personal Information and Licensees affected;
  3. The suspected cause or source of the breach;
  4. Information on whether or not the breach has been rectified;
  5. Information on how the Sponsor or Licensee can prevent further damages;
  6. The contact information for the inCytes™ Security Team Member Liaison.

inCytes™ Security Team, at the written request of the Sponsor, takes reasonable steps to mitigate the effects and to minimize any damage resulting from the Personal Information breach, including:

inCytes™ Security Team will assist the Customer in relation to any personal Data Breach notifications Customer is required to make under the GDPR, RegenMed will include in the notification any such information about the Data Breach as RegenMed is reasonably able to disclose to the Customer, taking into account the nature of the Sponsor Agreement, the information available to RegenMed, and any restrictions on disclosing the information, such as confidentiality.

Search keywords:

Haven't found a solution?

CONTACT US