We are dedicated to creating, developing and helping to implement Mobile Health solutions. The era of the ‘simple medical app’ is long gone. Health is our most prized possession and our mobile phones are being increasingly used to keep track of our personal medical information. Securing that data has become the foremost priority for every Mobile Health developer.
Over the last four years Synappz has invested considerably in the security of its technology and in its internal organization, so that all medical data is managed in a manner fully compliant with the latest laws and regulations. We want to be 100% transparent about everything we have done to achieve that.
In 2012, Synappz was the first developer in The Netherlands to obtain a CE-marking for a medical app. But besides this product-based certification, there are two higher levels that dictate how data security must be handled: the organizational level and the technological level.
EU laws and regulations stipulate that every organization working with personal data is obligated to comply with stringent standards and requirements. An organization can demonstrate that it is fully compliant with the legal obligations by having its processes audited under the framework of the following certifications:
- ISO 27001: International IT Security Standard
- NEN 7510: International IT Security Standard for Healthcare Information
We are not going to embellish the truth: a 100% watertight system simply doesn’t exist. Not even the NSA can pretend otherwise… However, (medical) data storage can be successfully safeguarded by implementing a sufficient number of measures.
We have been developing our backend platform – the Cortex – for the last four years; security has been the first and foremost priority from the outset. The following elements are included in the Cortex by default:
Our physical servers are housed with a renowned Cloud hosting provider, active in 33 countries spanning 5 continents. All European data is hosted in fully certified data-centers in The Netherlands and cannot be made available to foreign authorities (US Patriot Act). These data-centers are equipped with the most advanced security systems available (biometric hand scanners, visual inspection, cameras, etc.).
Data storage and transport
Access to our database is regulated by the international OAuth 2.0 standard, which we have further strengthened with several encryption technologies. This login framework is built into our newly implemented onboarding process for medical apps.
The data that we send over the web is protected by TLS, a cryptographic protocol for the secure transfer of data. To put it simply, the data is wrapped in an encrypted, multi-layered ‘peel’ before being sent off.
Three separate databases store the data, ensuring a strict separation of all personal data: a database with login details (such as email and password), a database with non-medical user details (such as name and address), and a database containing the actual medical data. The links between these databases are managed with keys secured by AES-256 encryption; only the user can establish the connection.
Throughout the Cortex’s entire development we were guided by privacy and security experts from Deloitte, who helped us ensure that our backend solution complied fully with the strict requirements of their Assuring Medical Apps certification program. A team of ethical hackers subjected the Cortex to a series of state-of-the-art penetration tests in order to rule out any kind of malicious access or data leakage. We are proud to announce that, thanks to our unwavering attention to all security aspects, the Cortex has been given the top A+ rating by Qualys SSL Labs.
Explaining in a nutshell how we safely and reliably manage medical data is something of a challenge… so please don’t hesitate to contact us if you would like more in-depth information. You can email us at email@example.com and we will happily provide you with our exhaustive White Paper covering the topic.