Leyr Security

At Leyr, we prioritise the protection of patient data privacy. To ensure the confidentiality of the data entrusted to us, we have implemented robust security measures at the core of our services.

In summary:

  • Leyr does not store any patient data. It only facilitates the passing of data through our services. This means that if Leyr's systems were to be attacked, it would not lead to unauthorised access to patient data.
  • Data transmission is secure and encrypted following industry best practices. Even if data were to be intercepted, it would be incomprehensible in its encrypted form.
  • Double encryption is used when setting up developer applications. This involves creating a key on your side and another key on Leyr's side. Without access to both keys, no requests can be made towards an Electronic Health Record (EHR). We employ machine-to-machine credentials to ensure that requests come from authorised accounts.
  • A strong password is required for a developer portal account, and we regularly back up developer apps to mitigate any potential harm caused by an account being breached. Again, no patient data is available from the developer portal.

As a Leyr customer, you can confidently utilise our API to read and write EHR data from your applications. However, it is important to note that if a breach occurs on your side and an intruder sends requests through your systems, it may appear to us as legitimate requests.

Therefore, it is crucial for your organisation to have sound cybersecurity measures in place for systems that interact with Leyr. You are dealing with patient data, after all.