Compliance & Certifications

Last updated: 7/15/2025

Regulatory Compliance

LeLink is designed to meet the highest international standards for healthcare data protection and privacy. Our compliance framework covers multiple jurisdictions to ensure global accessibility while maintaining strict security standards.

GDPR Compliant

Full compliance with the European General Data Protection Regulation, including the data-subject rights (access, rectification, erasure, restriction, and portability) that give users control over their personal data.

HIPAA Aligned

Following US Health Insurance Portability and Accountability Act standards for protected health information.

PIPEDA Aligned

Adhering to Canada's Personal Information Protection and Electronic Documents Act principles for privacy protection.

Security Standards

Data Encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • End-to-end encryption for sensitive communications

Access Control

  • Multi-factor authentication (MFA) required
  • Role-based access control (RBAC)
  • Zero-trust network architecture
  • Regular access reviews and audits

Blockchain Security

  • Immutable, append-only audit trail of every data access
  • Cryptographic hashing of records so that any modification, deletion, or reordering of the trail is detectable
  • Decentralized ledger architecture, so the audit trail has no single point of failure and no single party that can rewrite it
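The mechanism behind an immutable, hash-verified audit trail is a hash chain: each record commits to the hash of the record before it, so changing or removing any entry breaks every later link. The following is an added illustration written for this page, not LeLink's or Hora e.V.'s own code; it assumes SHA-256 over canonical JSON, and the actor names, resource identifiers and timestamps are constructed sample data. It also shows the caveat a hash chain alone does not cover: an attacker who controls the log store can rebuild a self-consistent chain, which is only caught if the chain head is anchored somewhere the attacker cannot change (a signature, a published digest, or a ledger entry, which is the role a distributed ledger plays).

```python
"""Tamper-evident, append-only audit trail built as a SHA-256 hash chain.

Added example (not project code). Assumptions: SHA-256, canonical JSON
serialization of each entry, and an out-of-band "anchor" copy of the
chain head that the attacker cannot modify.
"""
import hashlib
import json
from typing import List, Optional

GENESIS = "0" * 64  # sentinel "previous hash" for the first record


def canonical(obj: dict) -> bytes:
    """Serialize deterministically so equal entries always hash identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def record_hash(prev_hash: str, entry: dict) -> str:
    """Record hash = SHA-256(previous hash || newline || canonical entry)."""
    return hashlib.sha256(prev_hash.encode("ascii") + b"\n" + canonical(entry)).hexdigest()


class AuditTrail:
    def __init__(self) -> None:
        self.records: List[dict] = []

    def append(self, actor: str, action: str, resource: str, ts: str) -> dict:
        prev = self.records[-1]["hash"] if self.records else GENESIS
        entry = {"actor": actor, "action": action, "resource": resource, "ts": ts}
        rec = {"entry": entry, "prev": prev, "hash": record_hash(prev, entry)}
        self.records.append(rec)
        return rec

    def head(self) -> str:
        return self.records[-1]["hash"] if self.records else GENESIS

    def verify(self, anchor: Optional[str] = None) -> Optional[int]:
        """Return None if the trail is intact, else the index of the first bad record.

        anchor: the chain head stored out of band. Without it a rewritten but
        self-consistent chain passes; with it the rewrite is detected because
        the recomputed head no longer matches (reported as index len(records)).
        """
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec["prev"] != prev or rec["hash"] != record_hash(prev, rec["entry"]):
                return i
            prev = rec["hash"]
        if anchor is not None and prev != anchor:
            return len(self.records)
        return None


def build_sample_trail() -> AuditTrail:
    """Constructed sample access events (hypothetical users and resources)."""
    t = AuditTrail()
    t.append("dr.example", "read", "Patient/123", "2025-07-15T09:00:00Z")
    t.append("nurse.example", "read", "Observation/456", "2025-07-15T09:05:00Z")
    t.append("dr.example", "update", "Patient/123", "2025-07-15T09:10:00Z")
    return t


def demo() -> dict:
    """Run the three tampering scenarios and return what verify() reports for each."""
    t = build_sample_trail()
    anchor = t.head()  # copy of the head published out of band
    results = {"intact": t.verify(anchor)}

    # 1. Silent edit: downgrade the recorded "update" to a "read".
    t.records[2]["entry"]["action"] = "read"
    results["edited"] = t.verify(anchor)
    t.records[2]["entry"]["action"] = "update"  # restore

    # 2. Deleting a middle record: the next record's prev no longer matches.
    removed = t.records.pop(1)
    results["deleted"] = t.verify(anchor)
    t.records.insert(1, removed)

    # 3. Full rewrite: attacker regenerates a consistent chain without the update.
    forged = AuditTrail()
    for rec in t.records[:2]:
        e = rec["entry"]
        forged.append(e["actor"], e["action"], e["resource"], e["ts"])
    results["rewritten_no_anchor"] = forged.verify()       # passes: chain is self-consistent
    results["rewritten_with_anchor"] = forged.verify(anchor)  # caught by the anchored head
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'intact' if result is None else f'tampered at index {result}'}")
```

Scenario 3 is the important one for a compliance reader: hashing makes tampering detectable, but only an anchor the log writer cannot alter makes the trail immutable in practice. In production the anchor would be a signed or ledger-published head hash, and verification would be run on a schedule and on every export.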

Audit and Monitoring

Continuous Monitoring

  • 24/7 security monitoring and alerting
  • Automated threat detection systems
  • Regular vulnerability assessments
  • Incident response procedures

Compliance Audits

  • Annual third-party security audits
  • Regular compliance assessments
  • Penetration testing every 6 months
  • Documentation of all security controls

Data Governance

Data Minimization

We collect only the minimum data necessary for providing healthcare services, and automatically purge data according to retention policies.

Data Sovereignty

Patients maintain complete control over their data, including:

  • Who can access their information
  • How long data is retained
  • Where data is processed and stored
  • The right to data portability and deletion

International Standards

ISO 27001

Our information security management system follows ISO 27001 best practices for systematic security management.

ISO 27799

We implement health informatics security management specifically designed for healthcare organizations.

FHIR R4

Full compliance with Fast Healthcare Interoperability Resources (FHIR) R4 standard for healthcare data exchange.

Disaster Recovery & Business Continuity

  • RPO (Recovery Point Objective): 1 hour maximum data loss
  • RTO (Recovery Time Objective): 4 hours maximum downtime
  • Automated backups with geographic redundancy
  • Regular disaster recovery testing
  • 99.9% uptime service level agreement (at most about 8.8 hours of downtime per year)

Transparency and Accountability

Open Source Commitment

LeLink is an open-source project, ensuring:

  • Full transparency of security implementations
  • Community review and contributions
  • No hidden backdoors: the entire codebase is open to inspection
  • Public review history of all code changes

Public Reporting

  • Annual transparency reports
  • Security incident disclosure (when appropriate)
  • Compliance certification updates
  • Open documentation of security practices

Contact Our Compliance Team

For compliance inquiries, security reports, or certification questions:

Hora e.V. Compliance Office
ZVR: 1335812639
Email: compliance@hora-ev.eu
Security Issues: security@hora-ev.eu
Website: hora-ev.eu

Responsible Disclosure: If you discover a security vulnerability, please report it to security@hora-ev.eu. We appreciate responsible disclosure and will acknowledge and address reports promptly.