Data Security & Compliance
Design Approach
Sarop is built with a Privacy by Design and Security by Design approach. Our goal is to protect health data, user identity and clinical communications across every stage of collection, transmission, storage and processing.
Sarop Security Principles
- Encryption of communications via HTTPS/TLS
- Role-based access control
- Limiting staff access to the minimum necessary
- Recording security logs to detect misuse
- Separation of access levels for users, physicians, healthcare facilities and administrators
- Infrastructure backup and monitoring
- Security incident review and staged response
- No sale of users' health data
Regulatory Compliance
Sarop strives to keep its services aligned with the following principles:
- GDPR for European users
- Data-protection laws in MENA countries
- Health-data confidentiality requirements
- Apple App Store and Google Play requirements
- Local laws of the country of service
- Contractual obligations with healthcare facilities, insurers and official partners
In countries with more specific laws for health data, service provision may be subject to a local contract, obtaining a license, selecting a data-storage location, or appointing a legal representative.
Reporting a Security Incident
To report any incident, vulnerability or security issue:
security@sarop.health
Interoperability-First Approach
Sarop follows an interoperability-first approach and is designed to coexist with existing healthcare technologies, regulations and operational frameworks.