This SLA governs the technical availability parameters of the service provided by the Contractor under the Contract.
The Contractor guarantees 99.9% availability on a monthly basis, i.e. the permissible Downtime is ~43 min/month, measured through the Contractor's monitoring system. Downtime is defined as a period of time during which the system is not performing its core functions: users cannot access the site and/or patient users cannot connect with a medical specialist through Healee. The Contractor is responsible for monitoring downtime and system failures, as well as for their prompt resolution.
The Contractor is not responsible for downtime caused by issues and interruptions on the part of the hosting service provider.
Technical issue reports should be sent by the Medical Institution to the email address support@healee.com.
The initial training for working with the Platform that the Medical Institution has received covers matters related to the operation of its tools and its configuration. It is the responsibility of the medical specialists at the Medical Institution to update the information in their profiles.
The Contractor commits to the following levels of technical support on business days and during business hours from 9:00 to 17:00.
| Level | Description | Response | Resolution |
|---|---|---|---|
| High | Full system crash, data loss, all users affected | 1 h. | 3 h. |
| Medium | System or core component affected, all users affected, no workaround available | 3 h. | 5 h. |
| Low | Issue affects individual users only, in isolated cases, workaround available | 4 business days | Per planned software update schedule |
All data processed by Healee is stored on our servers located within the EU, in encrypted form. All data in transit is protected by the SSL connection established between the browser/device and our servers.
When a user (patient or medical specialist) creates a profile in Healee, they are provided with separate unique private and public keys (asymmetric encryption). The public key is stored on our servers and in a separate database (encrypted with AES-256 encryption). The private key is stored on the user's device and in a separate database (encrypted with AES-256 encryption), accessible only to the owner (patient/medical specialist) of the public/private key pair.
To ensure that the user has access to their private key on our server, every time a user logs into Healee, they are authenticated via AWS Cognito. In AWS there is a special role that ensures only the authenticated Cognito user has access to their private key stored in the corresponding AWS DynamoDB collection.
Every image sent through Healee is encrypted with a separate symmetric key (attached to the image subject). The symmetric key is stored encrypted using the user's specific public key, so that every time a user wants to access their images, they must send their private key to our servers in order to decrypt the symmetric key and gain access to the data. The private key is not stored on our servers and is used only to decrypt the requested data and send the requested data back. This ensures that even if for some reason a malicious user manages to gain full access to the servers, they will not be able to decrypt the messages and images of patients and medical specialists stored on our servers.
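The per-image key wrapping described above can be sketched as follows. This is an added example, not Healee's code: the function names are hypothetical, and RSA-OAEP (SHA-256) for wrapping and AES-256-GCM for the image data are assumptions, since this document does not name the algorithms used for this step.

```javascript
// Added illustration of envelope encryption; not Healee's implementation.
// Assumed algorithms: RSA-2048 with OAEP/SHA-256, AES-256-GCM.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// One asymmetric key pair per user, generated when the profile is created.
function createUserKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Encrypt one image under a fresh symmetric key, then wrap that key with the
// user's public key. Only the returned record is kept server-side.
function encryptImage(publicKey, imageBytes) {
  const dataKey = crypto.randomBytes(32);   // separate key for every image
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(imageBytes), cipher.final()]);
  const record = {
    iv, ciphertext, tag: cipher.getAuthTag(),
    wrappedKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey),
  };
  dataKey.fill(0);                          // drop the plaintext key after use
  return record;
}

// Unwrap the symmetric key with the private key supplied for this request,
// decrypt the image, and discard the unwrapped key.
function decryptImage(privateKey, record) {
  const dataKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, record.wrappedKey);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, record.iv);
    decipher.setAuthTag(record.tag);        // GCM rejects modified ciphertext
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  } finally {
    dataKey.fill(0);
  }
}

// True only if the given private key opens the stored record.
function canDecrypt(privateKey, record) {
  try { decryptImage(privateKey, record); return true; } catch { return false; }
}
```

The stored record holds only the ciphertext and the wrapped key, so a copy of it is unreadable without the owner's private key.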
The Contractor maintains a business continuity plan in the event of infrastructure or system failure. The plan is tested, reviewed and updated at least once a year.
Backups of Healee's databases are created according to appropriate backup schedules to ensure that critical systems, records and configurations can be restored in the event of a disaster or media failure.