Data Protection

Protecting patient data and healthcare information is at the core of everything we do. Learn about our comprehensive security measures and data protection practices.

Our Security Measures

End-to-End Encryption
All data transmitted between your devices and our servers is encrypted using TLS 1.3
  • AES-256 encryption at rest
  • Secure key management
  • Encrypted database backups

Secure Infrastructure
Enterprise-grade infrastructure with multiple layers of security
  • ISO 27001 compliant data centers
  • Network segmentation
  • DDoS protection

Access Controls
Granular role-based access control ensures data is only accessible to authorized users
  • Role-based permissions
  • Multi-factor authentication
  • Session management

Audit Logging
Comprehensive audit trails track all access and modifications to sensitive data
  • Complete access history
  • Tamper-proof logs
  • Real-time monitoring

Incident Response
24/7 security monitoring with rapid incident response capabilities
  • Security Operations Center
  • Automated threat detection
  • Incident response plan

Compliance
We adhere to international healthcare data protection standards
  • GDPR compliant
  • Ghana Data Protection Act
  • Healthcare industry standards

Data Processing Agreement

As a processor of Protected Health Information (PHI), we enter into Data Processing Agreements with all healthcare facilities using our platform. These agreements outline:

  • The types of data processed and purposes of processing
  • Technical and organizational security measures
  • Sub-processor management and notifications
  • Data subject rights handling procedures
  • Breach notification obligations
  • Data return and deletion procedures

Data Location and Transfer

Your data is stored in secure data centers located within Ghana and West Africa. For facilities that require specific data residency, we offer dedicated deployment options. Any cross-border data transfers are conducted in compliance with applicable data protection laws and include appropriate safeguards.

Data Backup and Recovery

We implement comprehensive backup and disaster recovery procedures:

  • Automated daily backups with 30-day retention
  • Point-in-time recovery capabilities
  • Geographically distributed backup storage
  • Regular backup restoration testing
  • Recovery Time Objective (RTO) of 4 hours
  • Recovery Point Objective (RPO) of 1 hour

Employee Training and Access

All Heka SoftLink employees undergo mandatory security and privacy training. Access to production systems is strictly limited to authorized personnel who require access for their job functions. All access is logged and regularly audited.

Third-Party Security Assessments

We engage independent security firms to conduct regular assessments of our platform:

  • Annual penetration testing
  • Quarterly vulnerability assessments
  • Code security reviews
  • Compliance audits

Reporting Security Concerns

If you discover a security vulnerability or have concerns about data protection, please contact our security team immediately:

Security Team

Email: security@hekasoftlink.com

Emergency Hotline: +233 (0) 30 XXX XXXX