Overview
sureCova was built with the same rigor around patient data protection that regulations like HIPAA (US), GDPR (EU), and NDPR (Nigeria) require, regardless of where our patients are located.
What This Means in Practice
- Encryption. All patient data is encrypted in transit and at rest using industry-standard encryption.
- Authentication. Clinician accounts are protected by secure authentication measures, including multi-factor authentication.
- Access controls. Only the clinicians directly involved in your care — your personal doctor and your prescribing doctor — can access your medical record. Internal staff access is role-based and logged.
- Audit trails. Every access to your medical record is logged and auditable.
- Data minimization. We collect only the health information necessary to provide your care.
- Data retention. Medical records are retained for as long as required by applicable law and clinical record-keeping standards in the relevant jurisdiction.
- Security monitoring. We continuously monitor our systems for unauthorized access and maintain incident response procedures to address potential security events.
- Breach notification. In the unlikely event of a data breach affecting your information, we will notify you in line with applicable law in your jurisdiction.
- Patient rights. You may request a copy of your medical record, request corrections, or request deletion of your data, subject to legal and clinical record-keeping requirements. Requests may be subject to identity verification before any records are released or modified.
Cross-Border Data Transfers
Because sureCova supports cross-border care, patient data may be processed or accessed across jurisdictions. This only occurs with appropriate safeguards in place, and in compliance with applicable data protection laws governing cross-border transfer of health information.
Infrastructure & Vendors
sureCova relies on cloud infrastructure and third-party service providers to operate the platform. All such providers are contractually required to protect patient information in line with the standards set out in this policy.
Jurisdictional Compliance
sureCova complies with the data protection laws applicable to the jurisdictions in which it operates. We implement privacy and security safeguards aligned with internationally recognized standards, including principles reflected in Nigeria's Data Protection Regulation (NDPR), the EU General Data Protection Regulation (GDPR) where applicable, and HIPAA-aligned safeguards for relevant US-connected healthcare data.
Third Parties
We do not sell patient data. Any third party involved in delivering your care, payment processing, or platform infrastructure is bound by data protection agreements consistent with the standards above.
