This Primer is intended to answer some of the basic security questions you might have about Sikka Software.

We use bank-level security to keep your data safe.

What encryption is used to transmit my data to the “Sikka Cloud”?

● SSL 128 bit / SHA 256

What kind of encryption is used in Sikka Software’s data centers supporting the “Sikka Cloud” environment?

● AES 256-XTS / SHA 256
● Additionally, each customer has a separate and distinct database instance (shard) within the “Sikka Cloud”

These are the steps Sikka Software takes to ensure the security and availability of our platform:

● Logical security: Controls provide reasonable assurance that logical access to our platform and production systems is restricted only to authorized individuals.
● Privacy: Controls provide reasonable assurance that Sikka Software has implemented policies and procedures addressing the privacy of customer data.
● Data center physical security: Controls provide reasonable assurance that data centers that house the Sikka Software production systems, data and corporate offices are protected.
● Incident management and availability: Controls provide reasonable assurance that your data in the Sikka Software platform are redundant and incidents are properly reported, responded to, and recorded.
● Change management: Controls provide reasonable assurance that development of and changes to the Sikka Software platform undergo testing and independent code review prior to release into production.
● Organization and administration: Controls provide reasonable assurance that management provides the infrastructure and mechanisms to track and communicate initiatives within the company that impact the Sikka Software platform.

Once my practice data is on the “Cloud”, who owns it?

Your practice data is your data, and it should always stay that way. There are no practice, patient, or provider-identifiable data points utilized in our roll-up summaries. The benchmarking component of our platform sanitizes and anonymizes all the data contributed to our benchmarking tables. We never use Protected Health Information (PHI/ePHI) or any type of patient-identifiable data outside of your account or in our shared benchmarking service.

Please see these links for more details: