Techical Requirements

Hassisto security & compliance features

Sensitive data security is provided by Chino.io APIs

Encryption

Record level encryption with AES-256 and HTTPS/TLS for transmission. Secure indexing and tokenization for search operations. Encryption keys (for each user) managed according to HSM standards.

With Chino.io you can use any programming language to develop your compliant Health App

Access control

Flexible and granular access control policies to define access rights for single users (or groups of users) to single documents (or collections of documents).

Gain trustability thanks to our API for Health Applications

Immutable audit logs

Legally valid immutable logging system. Tracking of who accesses data, when it was accessed, and from where. Logs contain enough information in case of legal disputes, without violating users’ privacy.

Compliance requirements

Consent tracking via the API and available in the Console, Right to be Forgotten (RTBF) via API and encryption key deletion, data portability via API and Console using JSON data encoding.

API security & monitoring

Constant (24/07) security monitoring of the API status, attacks, and anomalies in the system. State of the art standards for API security, and constant updates of tools, plugins and libraries.

Backups

Daily incremental backups stored encrypted with AES-256 in two separate physical locations. Weekly backup history, plus four backups for the current month and one backup for each month for 6 months.