Security

Keeping your data secure and accessible, 24 hours a day, 365 days a year. Meddbase is Penetration Tested and fully accredited.

Read our Data Protection Policy

Data processed by the Meddbase system is encrypted using high levels of security and protected by state of the art security devices. Copies of the data are kept in multiple separate data centre locations ensuring quick fail-over should an issue occur.

blankSecurity Standards

Our Information Security and Compliance program is committed to demonstrating industry best practices that assure current and future customers. This is monitored by both our internal team and by third-party industry experts.

Meddbase Medical Management Systems is accredited to ISO 27001:2013, NHS Data Security and Protection Toolkit (DSP Toolkit) and strictly follows GDPR. A copy of our current ISO certificate can be found here.

The Meddbase platform and our operating standards adhere to HIPAA & PIPEDA guidelines to ensure the safeguarding of electronic personal health data (ePHI).

MMS recently undertook the System and Organization Controls (SOC) 2 Type 1 report to further demonstrate the strength of the cybersecurity controls within the organization. The report describes the current systems and controls that are in place and reviews the documentation around these controls. We are pleased to have completed this process as it reinforces the quality of work carried out by our internal teams.

blankblankblank

Disaster Recovery

Meddbase offers your practice a reliable disaster recovery plan should the worst happen. In the event of a disaster at the practice such as a fire, flood or break-in, Meddbase customers are able to relocate to any location with an Internet connection and PC, and be up and running with full access to patients files and information in minutes, without any worries about data loss at their primary location.

Role-Based Access

The Meddbase practice management system has in-built security allowing you to setup specific rules governing the individuals and groups within your organisation who have access to specific data sets.

Meddbase is also designed to be a multi-location application and the security policy management reflects this, allowing organisations to setup security around patients within specific branches or locations or restricting users to data access relevant within their local practice or office.

A system administrator can create high level groups such as “Doctors” or “Accountants” and setup basic security, or choose to setup a more granular security policy.

Security policies can be setup to restrict access to specific patient records, areas of the medical record such as patient documentation, or restrict access to financial data and confidential company contracts.

If a user finds they require access to a specific part of the application, or even a restricted patient record, they are prompted with a security alert box which in turn gives them the option to request access from the Administrator or Administrator group, dependant on your setup.

The system will prompt the logged-in administrator to grant access in real time, or if the administrator is not logged in, an email can be sent requesting access.

Chambers and sub-organisation security

The Meddbase security system allows the setup of a chamber-style hierarchical company structure, offering organisations the option to setup and create sub-organisational structures. The system administrator can setup users and roles under each sub-organisation and furthermore setup granular security rights within the sub-organisation.

Each sub-organisation contains its own setup of patients, scheduling information and financial data. Users from the main organisation can be granted access rights to specific areas of the sub-organisation, such as scheduling information, or access can be completely restricted.

blank

blank

Your data is physically stored in high security data centres, as used by banks and government services. Only very limited numbers of authorised staff from Medical Management Systems Ltd can access these servers and each visit is logged ensuring complete audit trails. Data is replicated continuously between security centres to ensure immediate fail-over. You can access your data over the Internet at any time. As long as your office, home or current location has access to the internet, you will have access to your data. When your data is accessed via the internet the Meddbase server will negotiate a secure link with the end user. This is called SSL. Many common web-based applications use this technology to secure their data. Organisations such as banks use SSL for online banking; online shops use it for credit card purchases. SSL is a proven method of internet security and one which is recognised as the best.

"Meddbase allows us to grow. We had ongoing issues servicing clients and understanding our own commitments. Meddbase ensures we offers a consistent approach to client service and employee care regardless of clinician, location or employee. We could never have grown without it."

Duradiamond Healthcare