Security at HealSuite
We understand that security isn’t just about technology — it’s about trust. At HealSuite, safeguarding your practice and patient data is our highest priority. From infrastructure to day-to-day monitoring, security is built into everything we do.
Built on Trusted Infrastructure
HealSuite runs on Amazon Web Services (AWS), one of the world’s most secure cloud providers. AWS meets internationally recognised standards such as ISO 27001 and SOC 2, ensuring that all data is stored and processed in secure, compliant environments.
Encryption Everywhere
All information you send to or receive from HealSuite is protected with 256-bit SSL encryption, the same level of protection used by leading banks. Data is encrypted both in transit and at rest, meaning it’s protected at every stage.
Layers of Protection
We apply multiple security layers to protect your data and systems, including:
- Cloudflare security for DDoS mitigation and advanced threat protection.
- Firewalls and private networks to restrict unauthorised access.
- Role-based access controls so staff only see what they need.
- Comprehensive audit trails so activity can be monitored and traced.
Designed for Compliance
HealSuite is built with UK GDPR and Data Protection Act 2018 compliance at its core. We act as a data processor, giving you the tools and transparency you need as a data controller to manage patient records lawfully and responsibly.
Independent Testing & Certification
To make sure our security measures stay ahead of emerging threats, we:
- Conduct independent penetration testing at least once a year.
- Hold Cyber Essentials Plus certification, a UK government standard for cybersecurity.
- Continuously monitor systems with automated checks and regular updates.
Shared Responsibility
While we deliver enterprise-grade protection, security works best as a partnership. We encourage all HealSuite users to:
- Use strong, unique passwords.
- Enable two-factor authentication (2FA).
- Manage user permissions carefully within their teams.