Trust: the foundation on which Doc Forte is built

Your data has only one owner. YOU!

  • Doc Forte does not have access to your data.
  • Doc Forte does not sell or share your data with any third party.
  • Doc Forte follows stringent policies so that data isn’t compromised at any step.

256-bit encryption

ISO 27001 certified

HIPAA compliant data centers

We are ISO 27001 certified

BSI, a global authority in information security standards, has certified that Doc Forte ensures confidentiality, availability, and integrity of its information assets.

  • Secure organizational practices ensured by awareness and stringent access controls
  • Secure processes through strong administrative controls and monitoring
  • Secure systems with strong technical measures, and frequent vulnerability assessments and penetration testing

Data security for patients

  • Your data is for your eyes only
  • No one at Doc Forte can view your data
  • We do not send you messages without your permission
  • We send promotional messages with an option to opt out any time
  • We do not share data with any third party

Secure platform for healthcare providers

Each Doc Forte product is designed to protect data security and privacy

We never send promotions to your walk-in patients

As per our privacy policy, we never reach out to your walk-in patients or send any promotional communication to them. The only way for any patient to receive any promotion from us is if they visit docforte.com, or download our app independently and give us permission to contact them. Doc Forte does not have any access to your patient database.

Your data has multiple encrypted backups

All data is backed up and versioned multiple times at secure locations across the world. We also employ a smart feature called point-in-time recovery to retrieve the data from a specific time period.

We don’t sell your data

We are fully aware of the sensitivity of your healthcare information and take data privacy extremely seriously. We go to great lengths to protect it and will never ever sell it to anyone.

We never mix doctors’ data with patients’ data

Our platform uses industry-grade firewalls and follows a stringent privacy policy designed to keep providers’ data separate from patients’ data.

Secure place for your health data

Keeping your data safe is the core of every decision we make at Doc Forte

Your data is for your eyes only

Anything that you share on Doc Forte is completely private. No one else can access it. We give an unprecedented level of control so that only you can decide who sees what.

Everything is protected with 256-bit end to end encryption

Doc Forte uses world-class standards to shield your data from unauthorized intrusion. It is always protected with multiple layers of encryption (256-bit encryption over the network).

Two-factor authentication prevents unauthorized access

Extra measures are good. Therefore, we let you enable two-factor authentication so that your data is absolutely secure, and no one else can access it except you.

Remote logout fends off suspicious logins

Whenever a new device logs into your account, Doc Forte notifies you immediately, so that you can review the activity and log out if needed.

FAQs

At Doc Forte we take data security and privacy extremely seriously. It is one of the foundational pillars of our company and is implemented at the core of every product. We believe that healthcare data is the most sensitive information about you and must receive appropriate protection. Doc Forte collects or uses any personal or sensitive personal information belonging to you only after receiving appropriate and clear consent from you. Further, we understand that people change their minds, so no consent is permanent and our systems are built with the flexibility so that any consent given can later be revoked. This is why all our products have features where patients and providers are in control and can decide what they want to share and what they prefer to keep private.

At the outset, our data is stored with 256 bit end to end encryption on HIPAA compliant servers. Further, we are an ISO27001:2013 certified company. This certification is one of the most recognized and stringent information security certifications, and it validates a company's efforts to protect data and all kinds of information assets. We have two distinct data sets. The first is when health care providers use our software to store information regarding the patients they are treating. This can include information about the patient, their diagnosis, treatment plan, any clinical notes, communication and other details. All of this is stored on behalf of the provider, and Doc Forte cannot access it. It is stored privately and securely for every provider who uses our software. The other data set is when patients directly visit Doc Forte and use Doc Forte to store their health history or undertake a healthcare transaction, such as booking an appointment and more. We store all this data on behalf of the patient, and this too is stored with 256 bit end to end encryption on HIPAA compliant servers. Any patient who uses our service gives us permission to reach out to them from time to time with marketing and/or other communication, which he/she can opt out of when he/she so chooses.

Doc Forte does not have access to the data stored in Ray.

To be clear: we build the technology that enables YOU to send the SMSes. Therefore, while our systems send the SMS, they can only be sent by the doctor explicitly allowing the system to do so. These can be toggled in the settings tab in your Ray software. Enabling this setting and/or does not give Doc Forte access to any other aspect of your data other than what is required to complete sending of the SMS. It also does not give Doc Forte permission to reach out to the patient for any other reason. In addition, all of this is done via an automated system with no human involvement or intervention possible. For example, when you enable the settings to send an appointment confirmation SMS to your walk-in patient, the system will take the phone number of that patient, locate the appointment detail that you have confirmed and send that information to that patient. Beyond this, Doc Forte does not get any rights to send any other message or communication or to reach out to the patient for any reason whatsoever. Further, you can, at any time, revoke even this facility by simply changing the settings inside Ray.

Millions of patients and hundreds of thousands of providers trust us with their data. We take this responsibility extremely seriously and strive to make Doc Forte the safest place for your health data. We have always maintained a very clear distinction between data sets that pertain to users who directly visit docforte.com (“Online Patients”) and those that visit a clinic and are walk-in patients of the doctor (“Walk-in Patients”). Separated infrastructure and firewalls on Ray prevent docforte.com from accessing data from Docforte Ray.

Online Patients: These are patients who register with Practo either via Practo.com or our app and then call or book an appointment with an affiliated clinic. Each of these patients, individually, gives us permission to reach out to them with any communication that is relevant to provide services as well as for offering new products or services. Practo does not have any access to patients’ personally identifiable health information.

Walk-In Patients: Practo does not have access to information about patients who directly walk in to the clinic and whose data the doctor inputs into our software such as Ray. Inputting patient data into Ray does not give Practo rights to reach out to that patient. Further, Practo also does not have access to any personally identifiable health information for these patients either. We think this is really important and have therefore committed to every provider by writing this down in our terms of service.

There is no way your walk-in patient will receive promotional communication from Doc Forte. The only way it is possible is if a patient who has been a walk-in patient at your clinic later independently visits docforte.com and signs up for an account with Doc Forte. At that point, he/she gives us permission to reach out to him/her with promotional material. Only once we get this permission directly from the patient, when he/she decides to visit our website, do we reach out to him/her. Unless your walk-in patient visits Doc Forte independently and gives us permission, he/she receives no marketing communication from Doc Forte. The only communication they will receive will be what you have enabled in your settings in Ray. If you’d like to review these settings you can click here to log in to Ray and review your settings.

Never. We do not sell any patient data, whether for walk-in patients or for our online patients, to any third party. We also do not allow third parties to market to any user of Doc Forte through us. We are not responsible for any promotional communications received by patients from other vendors. We recommend that you ask the patients to immediately report such marketing campaigns to TRAI for necessary action by the regulator.

No, we have not. We will continue to work very hard to make sure that data stored with Doc Forte remains secure.

Absolutely. Doc Forte is amongst the safest places for you to store your healthcare information and that of your patients. We have a variety of measures that protect your data, some of which are:

  1. HIPAA Compliant servers: All data is stored in HIPAA compliant servers
  2. Encryption: All data is end to end encrypted with 256 bit encryption during transit and at rest.
  3. Two Factor: We have implemented Two-factor authentication to protect against foul-play.
  4. Access Zones: We have implemented access zones that prohibit access to information from locations not specified by the user. This ensures that even if the authentication information leaks, access can only happen from the physical locations specified by the user.
  5. Role Based Profiles: A doctor/clinic owner can set up different profiles for their staff with different levels of information access. This ensures that only the doctor has access to the patient files while the staff access is restricted to the clinic operations rather than the patient information.
  6. Data Backup: We take multiple backups of your data and it is kept in geographically distributed locations to make sure you never have any data loss. Even in the event of a natural disaster in one geography, your data remains safe and can be recovered.
  7. No Virus: Since all your data is stored in the cloud, it is protected from any local virus that your computer might have, so the only viruses you have to deal with are those affecting your patients.

We have a variety of measures that protect your data, some of which are:

  1. HIPAA Compliance: All data is stored in HIPAA compliant servers ensuring industry standard consent architecture and privacy policies.
  2. Encryption: All data is end to end encrypted with 256 bit encryption during transit and at rest.
  3. Two Factor: We have implemented Two-factor authentication to safeguard against foul play.
  4. Access Zones: We have implemented access zones that prohibit access to information from locations not specified by the user. This ensures that even if the authentication information leaks, access can only happen from the physical locations specified by the user.
  5. Role Based Profiles: A doctor/clinic owner can set up different profiles for their staff with different levels of information access. This ensures that only the doctor has access to the patient files while the staff access is restricted to the clinic operations rather than the patient information.
  6. Data Backup: We take multiple backups of your data to make sure you never have any data loss, and even in the event of a natural disaster in one geography, your data can be recovered.

We have some services, such as appointment reminders or electronic record sharing, where a doctor can share records with their patients. When a doctor does that, we send a message to the patient with a link to access that record. However, if the doctor does not want such a link to be included in those SMSes, he/she can opt out of it.

Merely visiting Docforte.com is not sufficient. To receive marketing messages from Doc Forte, a patient has to visit us, register for an account and give us permission to market to them. Only if they give us their permission do we market to them. Further, the database containing Ray data is separate from that used for Docforte.com. As per our terms of service agreed with you, Doc Forte cannot access the data stored in the Ray database. Hence, we are unable to de-duplicate any patients visiting Docforte.com who may have, in the past, visited you and whose information may be available in the Ray database, as that would be a breach of privacy and of our contract with you.

In the unlikely event that you discover a vulnerability, we have a responsible security disclosure program that prescribes the next course of action, and we would love to hear from you and fix it at the earliest. Please check our Responsible Disclosure Policy and report vulnerabilities to us at secure@practo.com.

Of course, Doc Forte complies with all applicable laws in every country it operates in.
