Data Protection and Data Security as a Priority
Privacy by Design & Privacy by Default
At medavis, the protection of patient data constitutes a major component in the development process of all products. As a result, basic data protection requirements are already met by default (Privacy by Design) and are also activated automatically during commissioning (Privacy by Default).
Certified Security
Exceptionally high standards apply to web applications, which are becoming an increasingly essential part of processes in healthcare. To ensure that our web applications meet these standards, we regularly conduct security pentests, which are audited and certified by independent and accredited service providers. This allows us to identify the most prevalent threats and take effective measures to avert them.
Pentests are carried out according to the following recommendations and guidelines:
German Federal Office for Information Security (BSI)
Open Source Security Testing Methodology Manual (OSSTMM)
Open Web Application Security Project (OWASP)
Payment Card Industry Data Security Standard (PCI DSS)
Certifications in Line with Recognised Standards
medavis maintains an information security management system in accordance with the leading ISO 27001 standard, which encompasses not only the classic IT areas but all processes in the value chain. In particular, these include software development, project implementation and support, the areas of greatest importance to our users.
The ISO 27001 standard (information security management system) ideally complements the standards ISO 9001 (quality management system) and ISO 13485 (quality management system for medical devices), according to which medavis has already been certified for many years.
medavis users benefit greatly from the fact that they can fully trust a certified manufacturer to consistently implement the rules of recognised standards.
Our Measures at a Glance
Permission concept, detailed access permissions
Secure, encrypted data transmission
Extensive password guidelines
Two-factor authentication
Configurable login lockout
Traceability via extensive event logging
Documentation of patient consents
Extensive pentesting
Certification according to ISO 27001, ISO 9001, and ISO 13485 standards