Data Privacy

Data Access Control

Access to data resources is managed per user, based on attribute-based access control. PHI information access is incorporated into the permission system and it is possible to define per user whether they are entitled to access PHI info and what info can they access. The same controls are valid for non-public APIs where each call is authorized and matched to the specific permissions of the caller, including access to PHI data.

Data export is done via private APIs that adhere to the authorization and permission system. This means that it is possible to control which external entities are entitled to receive information containing PHI information and which entities are not entitled to PHI information.

Users Audit

Every change made by a user is logged into an audit log. Changes to PHI data are logged and can be traced back directly to the user that instigated the change.

Regional Security Services

All system data is managed per region and adheres to regional regulations. It is possible to define where data is stored (what region) and where it can be sent to, providing the owner of the system full control over sensitive issues like keeping medical data within the country they are working in.

BioT Multi Region automates routing of data from the device to the cloud in a way that complies with the privacy regulation set at the country of the owner of the device.