Technology

Discover the technology and methodology that keep Medicom's health information exchange secure and private.

Core Technology & Platform

Encrypted, Single-Use, Peer-to-Peer Communication Channels

Medicom operates a federated health information network that enables providers, patients, payors, and life science institutions to search, access, and share relevant health information that resides in potentially thousands of disparate sources.

Medicom’s platform establishes encrypted, single-use, peer-to-peer communication channels between Medicom Network participants. This decentralized architecture safeguards patient privacy by eliminating the storage of health data in the cloud and improves the efficiency of transfers by maximizing the bandwidth available to direct, peer-to-peer data channels. Multiple simultaneous data channels can be opened between two peers to prevent link saturation and slowdowns with large transfers.

Privacy & Security

Your Trust Matters Most

At Medicom, privacy, security, and compliance are core principles. We established our decentralized health information network to address the challenges of accessing and sharing health information in a secure, efficient manner for an increasingly digital world. We continue to apply these principles in every decision that we make and continue to make substantial investments in these areas to ensure that we exceed industry standards.

Medicom’s servers are used for the purposes of authenticating two peers to establish a connection and recording an audit entry for each transfer. The connection between two peers and Medicom’s servers is severed prior to the transmission of any data through the peer-to-peer data channel.

Medicom utilizes a proprietary encryption method to provide industry-leading security. Connections established by Medicom’s server are created using 2048-bit asymmetric DTLS keys and use AES-256 keys to encrypt data at rest. Additionally, Medicom’s system requires a DTLS handshake in order to set up a data channel between peers.

Medicom has an internal compliance and security team (CST) that oversees all compliance policies, procedures, and security assessments.

Medicom records and stores encrypted audit trail information pertaining to a transfer in compliance with the United States Code of Federal Regulations 45 § 164.312(1)(b).

All Medicom employees are regularly trained and certified in HIPAA and security practices. Medicom maintains an extensive, internal information security policy (ISP) that encompasses employee requirements for electronic communication, reporting processes, handling of confidential information, access controls, internal assessments, authentication, encryption, and more.

Medicom’s system gives administrators the ability to assign user privileges and roles on a granular level. Role and privilege granularity restricts users to accessing only what is pertinent to their job functions and ensures that access controls remain consistent with internal policies.

Compliance

Exceeding Standards

Medicom is designated as a non-covered entity under HIPAA and HITECH rules (45 CFR 160.103). Medicom’s data transfer protocol exceeds HIPAA and HITECH requirements for ePHI, allowing users to be compliant with applicable rules (45 CFR 160.302-.318). Unlike most cloud offerings, we do not store diagnostic data.