Certifications and standards for security and interoperability
State of the art end-to-end encryption and compliancy with global standards and regulations
Data Privacy Protection Standards
iCure uses Asymmetric end-to-end encryption technology (with PKI – Public Key Infrastructure), is ISO 27001:2013 certified and is itself GDPR compliant as a Data Processor.
Latest Interoperability Standards
Developed with the newest IHE and HL7 FHIR interoperability standards, ensuring a seamless integration of different stakeholders, while avoiding any lock-in effects.
Most Complete Medical Classifications and Databases
Ensure a free flow of information between medical professionals even across language barriers due to international libraries and standards
Ready for more?
or stop by our
to say hello =)
Your message has been sent successfully
ICure SA is incorporated in Geneva, Switzerland, with a registered office at Rue de la Fontaine 7, 1211 Geneva, Switzerland registered in the commercial registry under CHE-270.492.477 (“iCure”).
When you accept, these Terms form a legally binding agreement between you and iCure. If you are entering into these Terms on behalf of an entity, such as your employer or the company you work for, you represent that you have the legal authority to bind that entity.
PLEASE READ THESE TERMS CAREFULLY. BY REGISTERING FOR, ACCESSING, BROWSING, AND/OR OTHERWISE USING THE iCURE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS. IF YOU DO NOT AGREE TO BE BOUND BY THESE TERMS, DO NOT ACCESS, BROWSE, OR OTHERWISE USE THE ICURE WEBSITE.
iCure may, in its sole discretion, elect to suspend or terminate access to, or use of the iCure to anyone who violates these Terms.
The original language of these Terms and Use is English. In case of other translations provided by iCure, the English version shall prevail.
2. INTELLECTUAL PROPERTY RIGHTS
The Content of the documentation stated on this Website is ours. All Marks, Content that concern iCure cannot be copied, reproduced, aggregated, republished, uploaded, posted, publicly displayed, encoded, translated, transmitted, distributed, sold, licensed, or otherwise exploited for any commercial purpose whatsoever, without our express prior written permission.
Provided that you are eligible to use the Website, you are granted a limited license to access and use the Website and to download or print a copy of any portion of the Content to which you have properly gained access solely for your personal, non-commercial use. We reserve all rights not expressly granted to you in and to the Website, the Content, and the Marks.
3. USER REPRESENTATIONS
By using the Website, you represent and warrant that:
All registration information you submit will be true, accurate, current, and complete; you will maintain the accuracy of such information and promptly update such registration information as necessary.
You are not under the age of 13.
Not a minor in the jurisdiction in which you reside, or if a minor, you have received parental permission to use the Website.
You will not access the Website through automated or non-human means, whether through a bot, script, or otherwise.
You will not use the Website for any illegal or unauthorized purpose.
Your use of the Website will not violate any applicable law or regulation.
4. PROHIBITED ACTIVITIES
You may not access or use the Website for any purpose other than that for which we make the Website available. The Website may not be used in connection with any commercial endeavors except those that are specifically endorsed or approved between you and iCure.
As a user of the Website, you agree not to:
Publishing any Website material in any other media.
Selling, sublicensing, and or otherwise commercializing any Website material.
Publicly performing and or showing any Website material.
Using this Website in any way that is or may be damaging to this Website.
Using this Website in any way that impacts user access to this Website.
Using this Website contrary to applicable laws and regulations, or in any way may cause harm to the Website, or to any person or business entity.
Engaging in any data mining, data harvesting, data extracting, or any other similar activity in relation to this Website.
Using this Website to engage in any advertising or marketing.
5. NO WARRANTIES
This Website is provided “as is,” with all faults, and iCure expresses no representations or warranties, of any kind related to this Website or the materials contained on this Website. Also, nothing contained on this Website shall be interpreted as advising you.
6. LIMITATION OF LIABILITY
In no event shall iCure, nor any of its officers, directors, and employees shall be held liable for anything arising out of or in any way connected with your use of this Website whether such liability is under this agreement. iCure, including its officers, directors, and employees shall not be held liable for any indirect, consequential, or special liability arising out of or in any way related to your use of this Website.
You hereby fully indemnify iCure from and against any and/or all liabilities, costs, demands, causes of action, damages, and expenses arising in any way related to your breach of any of the provisions of these Terms.
If any provision of these Terms is found to be invalid under any applicable law, such provisions shall be deleted without affecting the remaining provisions herein.
9. VARIATION OF TERMS
iCure is permitted to revise these Terms at any time as it sees fit, and by using this Website you are expected to review these Terms on a regular basis.
iCure is allowed to assign, transfer, and subcontract its rights and/or obligations under these Terms without any notification. However, you are not allowed to assign, transfer, or subcontract any of your rights and/or obligations under these Terms.
11. ENTIRE AGREEMENT
These Terms constitute the entire agreement between iCure and you in relation to your use of this Website and supersede all prior agreements and understandings.
12. GOVERNING LAW & JURISDICTION
These Terms shall be governed by and construed in accordance with the laws of Switzerland, without regard to its conflict of law provisions.
The parties shall attempt to solve the matter amicably in mutual negotiations. In case of a non-amicable settlement that has been found between the parties, the Court of Geneva will be competent.
Last update: November 2nd, 2022.
iCure SA (iCure) is incorporated in Geneva, Switzerland, with a registered office a Rue de la Fontaine 7, 1204 Geneva, Switzerland registered in the commercial registry under CHE-270.492.477.
Administrative Data: means Personal Data such as the Name, Email, and Phone in order to perform administrative tasks like Invoicing or contacting the Client (if support is needed).
Cookies: means text files placed on a computer to collect standard internet log information and visitor behavior information. When you visit a website, they may collect information from a computer automatically through cookies or similar technology (for further information please refer to our Cookies Notice, visit allaboutcookies.org.).
Data controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Personal Data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Visitor: means the natural person that submits their Personal Data through our contact form; and/or sends us an email; and/or cookies have been implemented.
All other undefined terms used in this Agreement have the meaning from our Terms and Conditions and the General Data Protection Regulation of the Regulation (EU) 2016/679 of 27 April 2016 (GDPR).
2. Concerning your Personal Data
For this website, iCure collects and determines the use and the purpose of any Personal Data uploaded by the visitor, therefore iCure is defined as the Data Controller according to the GDPR.
2.1 Contact Form
iCure collects Administrative Data that the Visitor completed in our contact form available through our Website.
The Administrative Data that Visitor provides to iCure on this contact form are the First name, the last name, the working e-mail address, the name of your organization, and other Personal Data that the Visitor included in the description of its work.
iCure processes these Administrative Data on the lawful basis of the Visitor’s consent (Article 6, 1. a) of the GDPR).
iCure uses these Administrative Data to perform administrative tasks like contacting the Visitor who completed the contact form, to better understand your needs and interests, and to provide you with better service
The Visitor can contact iCure through contact@icure to get any information about the Company or new job positions. In this email, the Visitor includes his Name, mail address, and any other Personal Data.
iCure processes these Personal Data on the lawful basis of the Visitor’s consent (Article 6, 1. a) of the GDPR).
iCure uses these Personal Data to answer any request from the Visitor and to consider the Visitor’s job application that they sent us by email.
iCure has implemented appropriate technical and organizational measures to safeguard your Personal Data against any accidental or illicit destruction, loss, modification, deterioration, usage, access, divulgation, and any other unauthorized processing of your Personal Data. We make every effort to protect personal information. However, you should always be careful when you submit personal or confidential information about yourself on any website, including our website.
4. The data retention period and the conditions for deletion
5. Your rights
You are entitled to access your Personal Data processed by iCure and request their modification or erasure if it is incorrect or unnecessary. To exercise your rights, you may get in touch with iCure by using the electronic contact form available on our website or send a written and signed request to iCure at the email address firstname.lastname@example.org with a copy of your ID or other identification documents, and any document proving that you are the data subject.
In general, where applicable, you also have the right to withdraw consent to the processing at any time. This withdrawal does not affect the lawfulness of processing based on consent made prior to such withdrawal. In certain cases, you also have the right to data portability. Those rights can be exercised by following the abovementioned procedure.
You have the right to lodge a complaint with a supervisory authority, in the Member State of the European Union of your usual place of residence, your place of work, or the place where the violation occurred, if you consider that the processing of personal data relating to you infringes Data Protection Law.
Please, note that the term of processing of such request can take up to one month. Contact: email@example.com
7. Information Sharing
Our employees and/or authorized contractors are the people in charge of the Data Processing.
iCure does not sell, rent, or lease any individual’s personal information or lists of email addresses to anyone for marketing purposes, and we take commercially reasonable steps to maintain the security of this information.
However, iCure reserves the right to supply any such information to any organization into which iCure may merge in the future or to which it may make any transfer in order to enable a third party to continue part or all of its mission.
In addition, please be aware that in certain circumstances, iCure may be obligated to release your personal information pursuant to judicial or other government subpoenas, warrants, or other orders.
8. Links to other Websites
Please contact us with any questions or comments about this Policy, your Personal Data, and our use and disclosure practices by email at firstname.lastname@example.org If you have any concerns or complaints about this Policy or your Personal Data, you may contact our DPO at email@example.com.
Please, note that the term of processing of such request can take up to one month.
Contact : firstname.lastname@example.org
Last update: November the 10th, 2022.
Information Security Policy
The iCure universe is built on trust. Guaranteeing the confidentiality of the data that are entrusted to us is our highest priority.
The Information Security Policy of iCure abstracts the security concept that permeates every activity and abides by the ISO 27001:2013 requirements for Information Security, so that we ensure the security of the data that iCure and its clients manage.
Every employee, contractor, consultant, supplier and client of iCure is bound by our Information Security Policy.
2. Our Policy
iCure is committed to protecting the confidentiality, integrity and availability of the service it provides and the data it manages. iCure also considers protecting the privacy of its employees, partners, suppliers, clients and their customers as a fundamental security aspect.
iCure complies with all applicable laws and regulations regarding the protection of information assets and voluntarily commits itself to the provisions of the ISO 27001:2013.
3. Information Security Definitions
Confidentiality refers to iCure’s ability to protect information against disclosure. Attacks, such as network reconnaissance, database breaches or electronic eavesdropping or inadvertent information revealing through poor practices.
Integrity is about ensuring that information is not tampered with during or after submission. Data integrity can be compromised by accident or on purpose, by evading intrusion detection or changing file configurations to allow unwanted access.
Availability requires organizations to have up-and-running systems, networks, and applications to guarantee authorized users’ access to information without any interruption or waiting. The nature of data entrusted to us requires a higher-than-average availability.
Privacy is the right of individuals to control the collection, use, and disclosure of their personal information. Our privacy policies are based on the GDPR(https://gdpr-info.eu/) and can be augmented by added requirements of specific clients or law areas.
4. Risk Assessment
The main threats iCure is facing as a company are:
Denial of Service attacks;
Blackmail and Extortion.
As providers of a solution used by developers active in Healthcare, we also have to anticipate the risks of:
Attacks on our clients’ data, which could lead to major social damages and a loss of trust in our solution;
Abuse of our solution by ill-intentioned clients, that could impact the quality of the service provided to the rest of our clients.
The motivation of the attackers in the latter cases can range from financial gain to political or ideological motivations.
A last risk is linked to the nature of the healthcare data we handle. We must ensure, that the data we handle are not used for purposes other than those for which they were collected:
A piece of data collected from a patient for the purpose of a medical consultation should not be available to third parties, not even a government agency.
5. Risk Management
The main principles we apply to manage the risks we face are:
Confidentiality by design: All sensitive data is encrypted end-to-end before being stored in our databases. We do not have any access to the data we store. Our client’s customers are the only ones who can decrypt the data we store.
Anonymization by design: Healthcare information that has to be stored unencrypted is always anonymized using end-to-end encryption scheme. This means that the link between the healthcare and administrative information must be encrypted.
Those two principles allow us to minimize the risks of data theft, blackmail, extortion, and coercion by government agency.
Multiple real-time replicas, with automatic failover: We use a distributed database architecture to ensure that our data is available at all times. We use a master-master architecture, each data is replicated at least 3 times. Snapshots are taken every day to ensure that we can restore the data in case of a malevolent deletion event.
Automatic password rotations: no single password can be used for more than 48 hours. Passwords are automatically rotated every 24 hours. In case of a password leak, we can limit the window of opportunity for an attack.
Those two principles allow us to minimise the risks of data deletion, denial of service attacks, and malware.
Minimization of the attack surface: we deploy our systems in the most minimal way. We only expose the network services that are strictly necessary.
Strict dependency management: we only use open-source software that is regularly updated and audited by the community. We favor dependency management software and providers that minimize the risk of supply chain poisoning.
Those two principles allow iCure to minimise the risks of intrusion by vulnerability exploit or supply chain attacks, two risks that could lead to data theft or data deletion.
6. Further Information
This policy is valid as of November 10th, 2022. For futher information please connect with us at email@example.com