Security & Compliance

Your Data Security is Our Priority

Terra Health is committed to maintaining the highest standards of security and compliance to protect your health information.

ISO 27001:2013

Information Security Management System certification

Certified

DISHA Compliant

Digital Information Security in Healthcare Act (India)

Compliant

IT Act 2000

Information Technology Act compliance for electronic records

Compliant

CERT-In

Registered with Indian Computer Emergency Response Team

Registered

Security Measures

We implement comprehensive security measures to protect your health information.

Data Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Health records receive additional encryption layers.

Access Control

Role-based access control ensures users only access data relevant to their role. All access is logged and audited.

Regular Audits

We conduct quarterly security audits, annual penetration testing, and continuous vulnerability assessments.

Secure Infrastructure

Our infrastructure is hosted on AWS with data centers in India, ensuring data sovereignty and redundancy.

Employee Training

All employees undergo mandatory security and privacy training with annual recertification.

Incident Response

24/7 security monitoring with defined incident response procedures and notification protocols.

Regulatory Compliance

We comply with all applicable Indian healthcare and data protection regulations.

Digital Personal Data Protection Act, 2023

India's primary data-protection statute. Health data is treated as sensitive personal data. We collect data only for declared purposes, store it in Indian data centres, and honour your rights of access, correction, and erasure.

Purpose-limited collection and processing
Indian data residency for personal data
Access, correction and erasure rights
Breach notification to the Data Protection Board

Information Technology Act, 2000

Governs electronic commerce and cybersecurity in India. We comply with all provisions related to electronic health records, data protection, and cybersecurity.

Secure electronic record keeping
Digital signature compliance
Reasonable security practices
Privacy and data protection

Digital Information Security in Healthcare Act (DISHA)

Proposed legislation for healthcare data protection in India. We proactively implement DISHA-aligned practices.

Electronic health record standards
Patient consent management
Data portability rights
Health information exchange protocols

Clinical Establishments Act, 2010

Regulates clinical establishments in India. Our partner clinics are required to meet these standards.

Registration requirements
Minimum standards compliance
Record maintenance
Quality assurance

Telemedicine Practice Guidelines, 2020

Guidelines issued by the Medical Council of India for telemedicine practice.

Patient identification and consent
Appropriate technology standards
Prescribing guidelines
Record keeping requirements

Your Rights

Right to Access

You have the right to access all your health records stored on our platform. You can download your records at any time through your account settings.

Right to Correction

If you find any inaccurate information in your records, you can request corrections. We will verify and update records within 7 working days.

Right to Restrict

You can control who has access to your health information. Manage your sharing preferences through your privacy settings.

Right to Portability

You can export your health data in a machine-readable format and transfer it to another healthcare provider of your choice.

Report a Security Concern

If you discover a security vulnerability or have concerns about data protection, please report it to our security team immediately.

We have a responsible disclosure policy and appreciate security researchers who help us keep our platform secure.