Patient Comes First

With Celo the Patient’s privacy comes first. All communication and information related to a patient is securely stored on our encrypted database and never stored on the mobile app.

Celo is compliant with regional requirements. See our compliance section for more information.

Authenticated Healthcare Network

Celo features an Authenticated Healthcare Directory. By authenticating all users of Celo, we ensure an up to date and safe network of healthcare professionals. Using Celo, finding the right colleague at the right time is easy and secure.

Celo can also integrate with an Active Directory for our Enterprise customers. Profile features include position, department, role and “On Call” status.

Mobile Device Security

Access Celo securely by using biometrics or your Celo PIN number. No patient information is stored locally on the device. This ensures that if a user loses their device, that patient information is not compromised. All patient information is securely stored on the server.

Secure Clinical Photos

All photos in Celo are captured from inside the Celo App. All photos are watermarked with patient and Celo user information as well as a timestamp, and uploaded to the server as soon as they are taken. Celo photos are not stored on the local camera roll and are instead securely stored on the server.

Communication Security

When a healthcare professional on the Celo network accesses patient information through the app it is sent over a secure channel (2048 bits HTTPS using sha256RSA) and only stores the information in the phone’s memory while the app is active, after which it is automatically removed.

Secure 3rd party integration

Celo allows integration with Electronic Medical Records. This improves patient safety and allows auditing. Integration via RESTful APIs with multi factors of authentications like API Keys, (Mutual SSL), IP restrictions and more. We support the use of FHIR (Fast Healthcare Interoperability Resources). Ensure clinical images or important notes are filed to patient records appropriately.

Safe Storage of Patient Data

We use Microsoft Azure cloud storage and our data centres are located in relevant regions for our different customers. Celo is compliant with regional requirements. See our compliance section for more information.

Our Azure databases use Transparent data encryption (TDE) to help protect data against the threat of malicious activity. It performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest.

On top of this, fields containing patient data are encrypted using AES-256.

Celo’s databases utilise Microsoft Azure’s active geo-replication enabling secondary databases in different locations (regions), allowing for failover if there is a data centre outage or the inability to connect to the primary database.

Raw access to Celo’s database servers requires multiple levels of authentication and Celo’s technical staff working on the servers must undergo mandatory police and background vetting checks.

Microsoft

Compliance

To protect patient health information and Celo user information as required by many privacy laws around the world, Celo’s databases use the most thoroughly compliant cloud service provider to store and process all data. Microsoft Azure has “more certifications than any other cloud provider” and is compliant with many international, industry-specific and country-specific standards. These standards include General Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, Australia IRAP, UK G-Cloud, and Singapore MTCS. Microsoft Azure is also rigorously audited by third party authorities such as the British Standards Institute to ensure all standards are met.

On top of this, Celo strives to be even more secure than required standards, by working with regulators to seek approval from national and government health organisations; allowing organisations to run their own technical analysis on the Celo app, and protecting all data with each individual user’s unique password and passcode. In New Zealand, Celo has been approved for use by the Ministry of Health (NZ) at a government level.

compliance

Celo vs. WhatsApp in the Healthcare Setting

In the healthcare sector, there are mobile devices everywhere which are often being used at the point of care. In particular, clinicians at hospitals and healthcare organisations are using consumer text-messaging and instant-messaging apps to communicate and discuss patient details due to the convenience of these services. This can violate health privacy standards, including HIPAA (USA), GDPR (EU & UK), HISO Regulations (NZ), or OAIC (AUS) regulations. At Celo, we have solved the problems this presents and have become an integral part of the healthcare sector by offering compliant and secure solutions to individuals and organisations.