Privacy Policy
What follows is the Walking Doctors (WD) data management policy, which applies to all projects pursued
independently or in partnership.
Reliability Practices
• Data must be stored in at least two geographically distinct data centers and be durable in the event
of one of the data centers becoming unavailable for any reason
• Every data processing subsystem must be composed of multiple individual resources that are
located in at least two geographically distinct data centers. Such subsystems must be designed to
survive the unavailability of a single data center.
• Network connections into Walking Doctors (WD) systems should terminate as close to the end user as
possible.
• Customer data must be separated such that data resources for customers may be operated
independently of each other.
Security Practices
• All data must be encrypted both in transit and at rest.
• All cloud systems involved in data processing must be configured in accordance with the Cloud
Security Policy.
• Customer and staff logins to our applications use cryptographically signed, expiring access tokens
that can be revoked.
• Customer passwords must be evaluated on the basis of an estimated password strength of “Safely
Unguessable” as determined by the Zxcvbn password strength estimation algorithm.
• Employee and contractor passwords must be evaluated on the basis of an estimated password
strength of “Very Unguessable” as determined by the Zxcvbn password strength estimation
algorithm.
• Where possible, medical data must be cryptographically signed by the user who last updated the data.
• We employ automatic systems for detection, notification and remediation of software
vulnerabilities, as well as manual review of system changes.
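The "cryptographically signed, expiring access tokens that can be revoked" requirement above, shown as an added example (not Walking Doctors' own code): an HMAC-SHA256 token service with expiry and a revocation list, using only the Python standard library. The key, subjects and timestamps are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TokenService:
    """Issues and checks signed, expiring, revocable tokens (hypothetical service)."""

    def __init__(self, key: bytes):
        self.key = key
        self.revoked = set()  # token ids revoked before their expiry; prune once expired

    def issue(self, subject: str, ttl_seconds: int, now=None) -> str:
        now = time.time() if now is None else now
        claims = {"sub": subject, "jti": secrets.token_hex(16),
                  "iat": int(now), "exp": int(now + ttl_seconds)}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = _b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"

    def revoke(self, jti: str) -> None:
        self.revoked.add(jti)

    def verify(self, token: str, now=None):
        """Return (claims, "ok") or (None, reason). Claims are parsed only after the
        signature checks out, so an attacker-controlled body is never trusted."""
        now = time.time() if now is None else now
        parts = token.split(".")
        if len(parts) != 2:
            return None, "malformed"
        body, sig = parts
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).digest()
        try:
            if not hmac.compare_digest(expected, _unb64(sig)):  # constant-time compare
                return None, "bad signature"
            claims = json.loads(_unb64(body))
        except (ValueError, json.JSONDecodeError):
            return None, "malformed"
        if now >= claims["exp"]:
            return None, "expired"
        if claims["jti"] in self.revoked:
            return None, "revoked"
        return claims, "ok"
```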
Privacy Practices
• Access to care-receiver data is not granted by default to customer users, but rather granted
explicitly by a customer user with administrative privileges.
• Employee and contractor system access must be granted and reviewed in accordance with the
Access Control Policy.
• Access to care-receiver data by Walking Doctors employees and contractors is granted on a least-
authority basis. By default, only the CEO, CTO and senior members of the Operations team have
access to care-receiver data, and only for the purposes of system monitoring and maintenance.
Walking Doctors Cloud Security Policy
The following guidelines apply to all use of AWS and similar cloud computing resources. If a service lacks
the capabilities referenced here, a revision of this policy must be approved before the service is
integrated.
• Data, medical or otherwise, must be housed and processed in an isolated network, VPC or similar.
IaaS vendors must provide a similar environment with the capability of a private bridge or link to a
Walking Doctors VPC.
• All root credentials to cloud resources must be stored encrypted in the Core Infrastructure section
of our password management system. Access to these credentials is subject to our Access Control
Policy.
• All non-root credentials must be granted on the principle of least authority and reviewed in accordance
with our Access Control Policy.
• Application access to managed resources must be managed on a principle of least authority.
Application security roles/policies must confer the least amount of access necessary to function.
• Where possible, application roles should be broken up by function and specific roles and policies
developed to provide minimal access for the given application role.
• Where offered by cloud providers, features that log API usage should be turned on and log to a
location inaccessible by non-root credentials.
• Cloud resource management must use separate accounts for separate environments (for example,
production VPCs must be created in production cloud provider accounts that are separated from
staging and development). This simplifies credential management and improves the ability of security
personnel to reason about risk.
Walking Doctors Access Control Policy
Walking Doctors takes a “least access” approach to access control. In addition, we implement the
following policies:
• All Walking Doctors employees or contractors are required to have discrete credentials that are not
shared with any other individuals or groups.
• Walking Doctors employees and contractors are only provided access to the minimum resources
necessary for them to complete their required responsibilities.
• When possible, sample, anonymized or synthetic data sets are used as opposed to giving access to
secure PII.
• Access to PII or other secure information can only be approved by the CEO, CTO, or COO.
• Credentials and access are removed immediately upon termination of an employee or contractor, or,
where possible, before termination.
• Access to critical resources is logged.
• Security assignments and information access rights are reviewed monthly.
• Default accounts are deactivated upon provisioning of a new system or software component.
• System accounts are secured upon provisioning of a new system or software component.
• No user will be provided administrative access to systems or data unless necessary to complete their
job responsibilities.
• Employees may only access information systems using approved work devices.