Key Data Security Principles at Doctolib

Mirtsa Kutateladze, Doctolib
Mar 14, 2023

With the digital transformation of healthcare, individuals are presented with an opportunity to share both personal and sensitive information. However, concerns over the protection of this data have become increasingly prevalent. As a leading healthcare application, Doctolib recognizes the need for transparency in managing sensitive data. In this regard, we aim to provide a clear understanding of the measures we undertake to safeguard your information, allowing you to make informed decisions.

In this article, we will share with you some insights into the key data security principles that we are committed to. We’ll explain what each principle implies, how they are applied, and how they impact our operations. Let’s dig in together!

Data security

Cybersecurity is a complex process that involves many elements, and it is our responsibility to anticipate risks in order to protect the data of the 70 million patients in Europe and the 340,000 healthcare personnel who use our services. Our cybersecurity principles have been developed over the past years, and of course we keep improving them as Doctolib evolves.

This list is not exhaustive but these are our main pillars in cybersecurity.

Risk management

This is one of the first and most important steps in data security. At Doctolib, risk management is a continuous process of identifying, analyzing, and evaluating potential threats. We try to consider all cyber and physical security threats relevant to our company, even the most unlikely ones, such as a flood in a data center. The list is constantly updated with new threats detected through different sources, e.g. external pentesting or audits. This lets us cover most vulnerabilities, especially the ones we haven’t thought of ourselves.

Our commitment to a frictionless risk management process is highlighted by the ISO 27701* certification obtained in January 2023. Doctolib is one of the first companies in healthcare to get it in Europe! We are acknowledged to have implemented robust data protection processes and risk-based controls. Moreover, this recognition demonstrates that we take appropriate measures to protect personal data and are committed to being transparent and responsible in data management practices.

As you may know, certification is a never-ending story, since it needs to be maintained. That means we are regularly audited by authorities to ensure that the right processes are still in place.

Compliance framework

Ethics and compliance go hand in hand in healthcare. Operating in this industry implies having many compliance requirements to ensure medical confidentiality. According to our framework, we know what type of data we handle, what regulations are applied to it, and what special steps are expected from us in terms of protection. We have a legal team that makes sure that each product is compliant from day one, including the tools we use, features we implement, regulations we follow, etc. Not only the legal team but everyone working with the product is responsible for making sure that we don’t expose users’ privacy to risk.

Corporate security

Secure configuration refers to the measures we have implemented for installing and managing networks and devices to reduce cyber vulnerabilities. We have established consistent and secure baselines that include timely deactivation of irrelevant user accounts and functionalities, careful choice of software, and proper file permissions, among many other actions. It might sound simple, but a secure configuration requires a lot of control and well-established processes. Internal employee education on security is also very important for reducing vulnerabilities.

Data classification

As mentioned earlier, working in healthcare requires knowing what kind of data we store so that we can protect it accordingly. We distinguish three basic types of personal data: personally identifiable information (PII), health information (HI), and protected health information (PHI).

Our data is categorized according to its sensitivity and, correspondingly, risks. This way, we know what would be the adequate level of security to apply to each of these categories. Data classification is also closely linked to access management which will be discussed next.

Access control

Access control enables us to manage who is authorized to access data and resources. The measures are implemented for us internally as well as for our users.

There are two basic components of access control that are not necessarily applied together — authentication (proving who you are, e.g. by typing in a username and password) and authorization (specifying access rights and privileges to resources). As we work with sensitive data, authentication alone isn’t enough, and we apply fine-grained authorization management.

If you use Doctolib as a healthcare professional, you might know that two-factor authentication (2FA) is a must and therefore cannot be deactivated. 2FA protects accounts against the loss or theft of passwords. We verify users via email, SMS, or authentication applications. Authorization is applied not only when accessing data but also when using certain features, e.g. when adding a new user to an existing organization. The same applies to our employees: 2FA is the standard and is required to be activated.

On top of that, we apply policies to ensure that appropriate access control levels are granted to both users and employees. Care teams using our application might have noticed that there are different types of permissions and rights, so each organization administrator can decide who can access what.

Attack simulation

Every company, ours included, wants to identify vulnerabilities before attackers do, and that is why we apply attack simulation. We simulate attacks from both outside and inside our infrastructure.

As an example of the outside part, last April we launched a public Bug Bounty Program where anyone can participate and get a bounty reward of up to €20.000 for critical issues. Whenever someone finds a bug, we fix it promptly and make sure it doesn’t happen again by employing a wide array of tools, like tests or static application security testing (SAST) scanners in our continuous integration (CI).

To find as many security gaps as possible, we also commission penetration tests and red team audits. The goal of pentests is to identify vulnerabilities within our infrastructure, exploit them, and evaluate the risk level of each vulnerability. Red teaming implies a simulation of a real-life attack without time limitations and with a wider range of tools than for pentests, so the results turn out to be more in-depth. On top of that, we also get audited by cybersecurity experts to make sure our protocols work as intended. For example, some of our encryption protocols have been audited by Cryptoexperts.

Apply best practices

We aim to stay up to date on cutting-edge technologies and apply the best practices currently available. This is why we were one of the first companies in healthcare to implement end-to-end encryption. Moreover, we actively apply anonymization, we minimize the amount of data collected and stored, and we choose the most reliable providers available. We have high standards for cybersecurity, so we always try to get better at this topic.

Conclusion

This article has provided an overview of how Doctolib’s security system is structured and the steps taken to protect user information. Doctolib has gone to great lengths to ensure that its platform is protected, including implementing encryption, authentication, and access control measures. The transparency with which we have shared information about our security system is a testament to our commitment to user data privacy and security. If you were previously unsure about sharing your data via Doctolib, the information in this article should give you greater confidence in our services.

Don’t hesitate to share your thoughts and comments. If you want more technical news, follow our journey through our docto-tech-life newsletter.

* ISO 27701 is the international standard for a Privacy Information Management System (PIMS).

The purpose of the article is to present and share the work done by Doctolib’s tech team. The information contained in this article is provided for information purposes only (on an “as is” basis with no guarantees of completeness or accuracy) and does not constitute any legal advice, nor has it legal value. Therefore, it could not contradict in any manner whatsoever any legally binding terms applicable to your relation with Doctolib.
