Security and Privacy Measures
The privacy and the security of your information is our top priority. CureMD continually strives to provide security features that comply with HIPAA guidelines
The purpose of this document is to provide information on the security features and functions that have been designed to ensure the privacy and security of you and your patients during the telemedicine encounters with your patients.
Data Anonymization
Personally identifiable information such as e-mail address, First Name, and Last Name are completely anonymized, based on random, 8 character alphanumeric codes. CureMD does not share the name of the user with our partners at any point.
In a session with two participants, our API does not send the name of the participant to Zoom for the purpose of displaying on the video dashboard. However, In a session with three or more participants, only the name of each participant is shared with Zoom so that participants can identify each other, however in this case the name is sent as a text string with no other account information. This feature is rarely used and can be turned off on request
Affirmation Action for Camera Access
When using CureMD Telemedicine, your camera is off by default and can not be turned on without an affirmative action by you. This ensures that there is no invasion of privacy.
Abstraction of Meeting Details
CureMD provides a layer of abstraction between the Zoom Meeting IDs and the means of entering a Telemedicine session. Your patients receive a unique 9 digit code that is only verifiable by CureMD. The code is also specific to each participant, and is sent directly to participants via e-mail or text message, greatly reducing the likelihood of unauthorized sharing.
The patient can join the Telehealth waiting room only once the code has been validated by CureMD, the application also logs the patient’s entry and ushers the participant into the Zoom meeting. These logs are available in our usage reports and can be audited.
Please note that, despite the above mitigation steps and technical safeguards, there may still exist instances where the software maybe misused, which are outside the CureMD’s control, such as where:
– An authorized session participant shares the CureMD Telemedicine 9 digit codes with an unauthorized individual; or
– An authorized session participant harvests Zoom Meeting IDs from the Zoom interface once a meeting is in progress and shares the information with an unauthorized individual.
In order to mitigate the above, we have recommended to Zoom additional measures to ensure that the security of the application is further strengthened.