Legal & compliance

 

Ensuring compliance with relevant obligations is fundamental to the achievement of Vula's business objectives. We therefore take a committed and proactive approach to get it right.

Vula strives to meet all of its compliance obligations and appropriately respond to any compliance and/or regulatory issues, and is committed to having in place appropriate and effective systems, processes and tools to enable it to do so. Vula is also committed to having an organisation-wide culture of ethics, integrity, transparency and accountability, and conducting its business activities lawfully in a manner that is consistent with its compliance objectives and obligations.

 

Privacy

Privacy Policy

At Vula we value our Data Subject's privacy and strive to protect their Personal Information. Vula’s Data Subjects are typically Health Practitioners (also known as Healthcare Professionals), or people employed in an administrative role and acting on behalf of a healthcare establishment, department of health or a private or public healthcare practice. As a Responsible Party, we will only collect, process, store and share your Personal Information in accordance with the Protection of Personal Information Act No. 4 of 2013 (POPIA) as detailed in our Privacy Policy.

Read the full Privacy Policy.

 

Patient Privacy Notice

The Vula Platform is a tool which allows the healthcare professionals to share patient information with medical and surgical specialists in order to obtain expert advice and expedite referrals. To provide this service, the information of the patient needs to be entered into the Vula Platform by the healthcare professional (or approved administrative associate), on a case by case basis, and shared with the selected specialist(s). We act as an Operator, as the term is defined in POPIA, and process patient Personal Information and Special Personal Information on behalf of our Data Subjects (Health Practitioners), in accordance with an agreement with the aforementioned individuals, when they use the Vula Medical Referral and Chat Platform. The Patient Privacy Notice pertains to our role as an Operator who collects, processes, stores and shares patient Personal Information and Special Personal Information in the provision of this service to Health Practitioners.

Read the full Patient Privacy Notice.

For any queries or concerns related to the privacy of your data, please contact the Vula Information Officer via support@vulamobile.com

Further information on the Protection of Personal Information Act No. 4 of 2013 (“POPIA) can be found here.

 

Data Security

cyber-essentials-certified-plus-logo.png
 

Vula places great importance on the security of all the information we are entrusted with. We regularly review and implement up-to-date administrative, physical, technical and organisational security measures and have obtained our Cyber Essentials Plus certification verifying that the cybersecurity and information security policies, processes and procedures of our organisation are at an exceptional standard.

 

Vula has also obtained our HIPAA Seal of Compliance through The Compliancy Group, a healthcare industry third party HIPAA verification provider. The HIPAA Seal of Compliance verifies and validates that companies have made a good-faith effort to satisfy HIPAA requirements and have the documentation to illustrate this. The three components of HIPAA security rule compliance require organisations processing patient data to keep this data safe and secure, and to exercise best practices in administrative, physical, and technical security.

 
org-logo.png

Vula healthcare data is FHIR/HL7 compliant. The Azure hosted data Interoperability API is ready to integrate with existing IT healthcare systems to provide real-time access to vital patient care information.

 

Platform Security

Our Vula Platform, comprising both the Mobile Application and Web Portal, are developed using secure technologies with Privacy by Design and Security by Default principles at the forefront of their architecture. The Platform can only be accessed using strong access control protocols, and only by Vula approved and validated users.

We advise all our users to have due regard for, and have implemented, generally accepted information security practices when utilising the Mobile App and Web Portal in order to assist in securing the Vula Platform, their own user accounts, own Personal Information, and the Patient Personal Information and Special Personal Information processed therein. Our Security Page provides more detailed information on recommended best practice security principles and practices.

Read more.

 

Hosting Environment

The Vula Platform is a cloud based solution hosted by Heroku, a Salesforce company, in a HIPAA compliant Amazon Web Services (AWS) Data Centre in Europe. AWS Data Centres are also ISO 27001:2013, 27017:2015, and 27018:2019 certified which provides further assurance on the physical, logical, and environmental security of the hosted solution, and the protection of Personal and Special Personal Information therein, as well as on the business continuity and availability of the platform and services we offer. 

Further information on Heroku, Salesforce, and their hosting services can be found at the following links:

Security Policy. Privacy Policy.