Head Office
Plot 50667 | Suite 2 | Medical Mews Fairgrounds, Gaborone, Botswana
Inquiries
hq@storkfort.com
Tel: +267 397-4578

Security Policy

Your privacy matters to us. Read our Security Policy to understand how we handle your personal information and provide a better online experience.

Effective Date: 22 Nov 2024


At Storkfort Health (www.sh.co.bw), safeguarding your personal data is a top priority. This Security Policy outlines the measures we take to protect your information from unauthorized access, alteration, disclosure, or destruction. We are committed to maintaining the highest standards of security to ensure the confidentiality, integrity, and availability of your personal and health data.

 

1. Data Protection and Confidentiality

We ensure that all personal data provided by our users, including health-related information, is protected with the highest level of confidentiality and security. We follow strict data protection practices in line with the Data Protection Act, 2018 (Botswana), General Data Protection Regulation (GDPR) (EU), and Health Insurance Portability and Accountability Act (HIPAA) (USA).

 

2. Data Encryption

We employ industry-standard encryption protocols to protect sensitive data during transmission and storage. This includes the use of SSL/TLS encryption to secure communications between your browser and our website, ensuring that any data shared remains private and protected from unauthorized access.

 

3. Access Control

To prevent unauthorized access to personal and sensitive data, we implement strong access control measures, including:

  • User Authentication: Access to personal data is restricted to authorized personnel only. We employ strong password policies and multi-factor authentication (MFA) for staff and administrators who access sensitive data.
  • Role-Based Access: Our staff members are granted access to data based on their roles and responsibilities, ensuring that individuals only have access to the information necessary for their work.
  • Regular Audits: We perform periodic audits to monitor and track access to sensitive data and systems, ensuring that access is in line with our security policies.

 

4. Security Monitoring and Incident Response

We continuously monitor our network and systems for potential security threats. Our monitoring systems are designed to detect any unusual or unauthorized activity, such as attempts to access data without proper authorization.

  • Intrusion Detection Systems (IDS): We use advanced intrusion detection systems to identify and respond to potential threats in real-time.
  • Incident Response Plan: In the event of a security breach or data compromise, we have a clear and established incident response plan to mitigate the damage, notify affected individuals, and report the breach to relevant authorities, as required by law.

 

5. Data Storage and Backup

We store all sensitive data in secure, encrypted environments to prevent unauthorized access or loss of information. Regular backups of our critical systems and data are performed to ensure business continuity in case of an emergency or system failure.

  • Secure Storage: All personal data is stored in protected systems with restricted access to safeguard against breaches or unauthorized changes.
  • Backup Procedures: We perform daily, weekly, and monthly backups of our systems and store them securely to ensure that data can be recovered if needed.

 

6. Third-Party Service Providers

We ensure that any third-party vendors or service providers we engage to process your data adhere to the same high standards of security and data protection. We require all third-party providers to sign Data Processing Agreements (DPAs) to ensure that your data is treated securely and in compliance with relevant data protection regulations.

 

 

7. Website Security

Our website is designed and maintained with security in mind to protect against common threats, such as cross-site scripting (XSS), cross-site request forgery (CSRF), and SQL injection attacks.

  • Regular Vulnerability Scanning: We regularly scan our website for security vulnerabilities and apply patches and updates to fix any issues that could pose a security risk.
  • Firewall Protection: Our systems are protected by firewalls and other security measures that prevent unauthorized access to our internal networks.

 

8. Employee Training and Awareness

All employees of Storkfort Health are trained on data security best practices, including recognizing phishing attempts, ensuring the use of strong passwords, and following proper protocols for handling sensitive data. Regular training sessions are conducted to ensure that our team stays informed about emerging threats and security practices.

 

9. Compliance with Regulations

We are committed to adhering to local and international data security standards, including the Data Protection Act, 2018 (Botswana), General Data Protection Regulation (GDPR) (EU), and Health Insurance Portability and Accountability Act (HIPAA) (USA). These regulations set stringent requirements for data security and protect the privacy of our clients and patients.

  • GDPR Compliance: We ensure that your personal data is processed lawfully, transparently, and for specific purposes in compliance with the GDPR.
  • HIPAA Compliance: As part of our health-related services, we adhere to HIPAA guidelines to ensure that all health information is handled with the highest level of security.

 

10. Security of Payment Information

If you make payments through our website, we use secure payment processors to ensure that your financial information is processed safely. We do not store credit card details on our systems, ensuring that your payment data is handled by trusted third-party providers who comply with the latest security standards, such as PCI-DSS (Payment Card Industry Data Security Standard).

 

11. User Responsibilities

As a user, you are also responsible for maintaining the security of your personal information. We recommend the following to enhance your security:

  • Use strong, unique passwords for your accounts with Storkfort Health.
  • Do not share your password with anyone.
  • Log out of your account after each session to prevent unauthorized access.

 

12. Changes to This Security Policy

We may update this Security Policy from time to time to reflect changes in our security practices or regulatory requirements. Any changes will be posted on this page, and the “Effective Date” will be updated. We encourage you to review this policy periodically to stay informed about how we are safeguarding your data.

 

13. Contact Us

If you have any questions or concerns about our security measures, or if you need to report a security incident, please contact us:

Storkfort Health
Plot 50667 | Suite 2 | Medical Mews Fairgrounds
Gaborone, Botswana
Email: hq@storkfort.com
Tel: +267 397-4578
Website: www.sh.co.bw