Data Authenticity and Security
How do we keep the collected data safe?
RegenMed uses Amazon Web Services (“AWS”) servers and architecture to provide physical security, redundancy, and other elements necessary to ensure the privacy and integrity of Personal Data. All Personal Data entered or uploaded during the completion of any Survey is protected by AWS.
Amazon Cognito, which is a part of AWS, is compliant with numerous data protection standards and regulations, including:
- PCI DSS
- Service Organization Control
- ISO/IEC 27001/27017/27018
- ISO 9001
All stored data is encrypted, meaning it is translated into another form or code that cannot be decrypted without (1) a password, and (2) a ‘key’ that decrypts the data every time the app needs to read it.
Our Development Team can access Amazon Cognito and apply changes to the Survey answers if required. All accesses to Cognito are captured and maintained in the AWS CloudTrail. However, pursuant to Company policy, they are not allowed to do so unless specifically authorized by the Funder or other Data Controller.
Circle administrators can select the Personal Data storage region and set the level of access for their Circle members.
We recommend that Funders or other Data Controllers establish and enforce written policies limiting access to Personal Data. This includes and requires the utilization of two-factor authentication for each inCytes™ access.
We further recommend that the operating system of each User be password-protected. Please also note that inCytes™ utilizes an automatic Logout Feature.
We track and record:
- The claimed identity of each User who completes a Survey.
- The date and claimed identity of any person who enters any changes to Survey Answers.
- The original Survey Answers prior to any entered changes, as well as the changed Answers.
License Agreement (Investigator & Patient):
During the registration process, the License Agreement is presented to both the Investigator and Patient. It must be accepted by any such User prior to accessing the inCytes™ platform. This document and its acceptance are then time-stamped and stored, without access by Company personnel.
Healthcare Consent (Patient):
Consent language is typically provided by the Funder or Investigator. As with the License Agreement, we track, time-stamp and record the saved Consent, its acceptance and the claimed identity of the accepting User, without access by Company personnel. After logging in, patients can review the signed consent on their Personal Patient Portal at any time.
Learn more about how the Patient consent is delivered and accepted by the patient.
In addition, if a Funder or Investigator desires, the Consent form can be added to or made as a Survey. It can then be answered by the Patient through marking a checkbox. It will thereafter be stored in AWS Cognito where any changes are logged and stored in AWS CloudTrail.
We support Observational Protocol Versioning, allowing Investigators to have several protocol versions (adding/removing questions or surveys) and using them simultaneously if desired. In the Report Builder and Raw data report downloaded from inCytes™, all data from all versions are available.