User GuideAPI Reference
ProductUse CasesResource CenterFAQAbout UsBook a DemoSign Up - It's Free
User Guide
ProductUse CasesResource CenterFAQAbout UsBook a DemoSign Up - It's Free

Regulatory and Security

Suggest Edits

The BioT platform is designed with security at its core, integrating robust measures throughout the design, coding, implementation, and deployment processes. This comprehensive approach enables BioT to provide IoMT (Internet of Medical Things) manufacturers with advanced, medical-specific security solutions. Unlike conventional systems, security for medical devices must prevent unauthorized data access, ensure compliance with PHI, privacy, address regional data protection and control, maintain data availability, and implement strict access controls. Additionally, the platform adheres to security best practices and regulatory guidelines, such as those from the FDA, to safeguard against threats like service disruptions, data manipulation, and data breaches.

The BioT platform offers extensive access controls and auditing capabilities. We allow our customers full control over their data, as well as integrated data availability and control tools, preventing data from being lost. This allows our customers to adhere to the highest level of self-regulations, as well as any local and/or global regulations such as HIPAA and GDPR, as well as FDA cybersecurity guidelines and many other standards and regulations.

The system is deployed on Amazon cloud behind Amazon Internet Gateway that acts as a firewall as well.

All API communication with users, devices and servers (API communication) is secured over HTTPS/SSL connections.

Key management is done using Amazon KMS service which is FIPS 140-2 compliant and manages keys using a Hardware Security Module (HSM). Key validations, circulations, revocations, etc, are done using Amazon KMS.

The system allows 2 main communication channels:

  • Web services communications – users and API communication.
  • Device communication.

User/API communication is encrypted end to end and is inspected for application level attacks using a Web Application Firewall (WAF). No non-HTTPS communication is allowed and all ports are closed for non-HTTPS communication.

Device communication is MQTT based (encrypted end to end, and mutually authenticated) and goes through the
AWS IoT core. Non-MQTT protocols are not allowed.

All users and devices are authenticated using X.509 certificates and are authorized for access using user specific access control mechanisms.

Any user activity is logged and audited for irregular use.

All data at rest is encrypted using AES 256-bit encryption.

Updated 6 days ago