Is my Data Safe and how is it Used ?

Our Online Repeats service is hosted by 2MLPharmacare who take security of Data very seriously and these are just some of the measures they have put in place.

Secure Hosting

2ML Online Repeats is hosted and stored within a AWS European Data Centre. AWS stands for Amazon Web Services and hosts some of the biggest names on the internet including financial services and government departments in 190 countries across the world. 2ML tap into AWS Web Services expertise as detailed here

SSL Encryption

All communication between 2ML servers (where the Data is stored) and Pharmacies and Patients is transferred over a secure and encrypted connection. When anyone accesses our service they do so on HTTPS:// and this means it is secure and encrypted.

Data Backup & Encryption

2ML Online Repeats Data is held in encrypted AWS RDS databases in separate physical locations. Live Data is replicated between these physical locations to protect the data in the event of technical or natural disasters. 

Data is continuously backed up and can be recovered to within a 5 second time frame in any previous 24 hours.

Data Storage Location

All 2ML Online Repeats Data is stored exclusively within the EU and is subject to EU Directive 95/46/EC. 2ML Online Repeats complies with this directive when using Amazon Web Services to host the Service. AWS's whitepaper on EU Directive 95/46/EC can be viewed here

2 Factor Authentication - 2ML

All 2MLPharmacare Personnel logins to the Repeats service are protected with 2 Factor Authentication providing the same level of protection used in online services such as banking. 

2 Factor Authentication - Pharmacies

Pharmacies must use 2 Factor Authentication to access their their data and their Customers Data via the Pharmacy Dashboard providing the same level of protection used in online services such as banking. 

Restricted Access

In normal day operations only two people within 2MLPharmacare hold the 2 factor codes necessary for direct access to "Live" Repeats Data and Environment. Developers and software engineers only ever have access to a "Development" Environment and Dummy Data.

Customer Data is only ever accessed by specified personnel for specific and necessary purposes such as system maintenance or upgrades. 

Data Privacy

Data specific to customers is only retained or used by 2MLPharmacare for the purpose of managing your online repeat medication. Historic Order Data beyond the last Repeats cycle is not retained. No Data is ever shared or used by any party other than our Pharmacy.

Data Retention

Should our Pharmacy cease to operate the 2ML Online Repeats Service all data relating to the Pharmacy's customers & patients will be deleted by 2MLPharmacare within 7 days.

Should you cease to use the system please request that we delete your Patient Record. All your live personal data will be immediately deleted on the live system. Some information will persist in Data Backups in a powered down state until these backups are purged in accordance with 2MLPharmacare's Data Backup Procedure.

Data Security

The 2MLPharmacare Online Repeats Platform, System and Security has been fully tested by a Qualified Independent 3rd Party conducting an authorised penetration test. These tests involved human and automated attempts to (Hack) gain unauthorised access to the system. Further Tests and System audits are carried out whenever the Platform or System are significantly upgraded or modified.

Unauthorised Access

Any person attempting to access the 2ML Online Repeats Service via the Pharmacy or Patient Dashboards are required to enter a User Name and Password when signing into the Patient Dashboard and additionally provide a unique security code when attempting to access the Pharmacy Dashboard.

If an unauthorised person attempts to "Hack" into a user account on the system the account becomes "locked" after 6 failed attempts. The user account can only become "unlocked" by following the procedure detailed here 

As part of the "unlock" process the "locked" user must provide their Date of Birth. As an additional security measure 4 failed attempts to enter a users date of birth will result in the user account being locked until they re-establish their identity with the Pharmacy.



Please sign in to leave a comment.
Powered by Zendesk