Data Protection and Data Security as a Priority

Medical data has always been subject to the highest requirements for data security and data protection, and the protection goals of confidentiality, integrity, and availability applied to it long before the GDPR came into force.

Privacy by Design & Privacy by Default

At medavis, the protection of patient data constitutes a major component in the development process of all products. As a result, basic data protection requirements are already met by default (Privacy by Design) and are also activated automatically during commissioning (Privacy by Default).

Certified Security

Exceptionally high standards apply to web applications, which are becoming an increasingly essential part of healthcare processes. To meet them, we regularly commission security penetration tests that are carried out and certified by independent, accredited service providers. This allows us to identify the most prevalent vulnerabilities and threats and take effective measures to address them.

Pentests are carried out according to the following recommendations and guidelines:

  German Federal Office for Information Security (BSI)

  Open Source Security Testing Methodology Manual (OSSTMM)

  Open Web Application Security Project (OWASP)

  Payment Card Industry Data Security Standard (PCI DSS)

Certifications in Line with Recognised Standards

medavis maintains an information security management system in accordance with the leading ISO 27001 standard, which encompasses not only the classic IT areas but also all processes in the value chain. These include in particular software development, project implementation and support, the areas of greatest importance to our users.

The ISO 27001 standard (information security management system) ideally complements the standards ISO 9001 (quality management system) and ISO 13485 (quality management system for medical devices), according to which medavis has already been certified for many years.

medavis users benefit greatly from the fact that they can fully trust a certified manufacturer to consistently implement the rules of recognised standards.

Our Measures at a Glance

  Permission concept with fine-grained access rights

  Encrypted data transmission

  Extensive password guidelines

  Two-factor authentication

  Configurable login lockout

  Traceability via extensive event logging

  Documentation of patient consents

  Extensive pentesting

  Certification according to ISO 27001, ISO 9001, and ISO 13485 standards

Do you have further questions or would like to get a demo?

Do not hesitate to contact us. We look forward to advising you or arranging a demo appointment to present the optimal workflow for your practice.
