Data Privacy

Data Access Control

Access to data resources is managed per user, based on attribute-based access control. PHI information access is incorporated into the permission system, and it is possible to define, per user, whether they are entitled to access PHI info and what info they can access. The same controls are valid for non-public APIs, where each call is authorized and matched to the specific permissions of the caller, including access to PHI data.

Data export is done via private APIs that adhere to the authorization and permission system. This means that it is possible to control which external entities are entitled to receive information containing PHI information and which entities are not entitled to PHI information.

Users Audit

Every change made by a user is logged into an audit log. Changes to PHI data are logged and can be traced back directly to the user who instigated the change.

Regional Security Services

All system data is managed per region and adheres to regional regulations. Data is deployed and stored in the region you select, and if you operate across multiple regions, dedicated environments are set up accordingly, ensuring medical data remains within the required country or region.