All data stored on the Meddbase servers is encrypted using high levels of security and protected by state of the art security devices. Copies of the data are kept in multiple separate data centre locations ensuring quick fail-over should an issue occur.
Medical Management Systems is accredited to ISO 27001:2013, NHS Data Security and Protection Toolkit (DSP Toolkit) and is GDPR certified and HIPAA compliant. A copy of our current ISO certificate can be found here.
Meddase offers your practice a reliable disaster recovery plan should the worst happen. In the event of a disaster at the practice such as a fire, flood or break-in, Meddbase customers are able to relocate to any location with an Internet connection and PC, and be up and running with full access to patients files and information in minutes, without any worries about data loss at their primary location.
The Meddbase practice management system has inbuilt security allowing you to setup specific rules around who within your organisation can access your data, and from which locations.
Meddbase is also designed to be a multi-location application and the security policy management reflects this, allowing organisations to setup security around patients within specific branches or locations or restricting users to data access relevant within their local practice or office.
A system administrator can create high level groups such as “Doctors” or “Accountants” and setup basic security, or choose to setup a more granular security policy.
Security policies can be setup to restrict access to specific patient records, areas of the medical record such as patient documentation, or restrict access to financial data and confidential company contracts.
If a user finds they require access to a specific part of the application, or even a restricted patient record, they are prompted with a security alert box which in turn gives them the option to request access from the Administrator or Administrator group, dependant on your setup.
The system will prompt the logged-in administrator to grant access in real time, or if the administrator is not logged in, an email can be sent requesting access.
The Meddbase security system allows the setup of a chamber-style hierarchical company structure, offering organisations the option to setup and create sub-organisational structures. The system administrator can setup users and roles under each sub-organisation and furthermore setup granular security rights within the sub-organisation.
Each sub-organisation contains its own setup of patients, scheduling information and financial data. Users from the main organisation can be granted access rights to specific areas of the sub-organisation, such as scheduling information, or access can be completely restricted.
Your data is physically stored in high security data centres, as used by banks and government services. Only very limited numbers of authorised staff from Medical Management Systems Ltd can access these servers and each visit is logged ensuring complete audit trails. Data is replicated continuously between security centres to ensure immediate fail-over. You can access your data over the Internet at any time. As long as your office, home or current location has access to the internet, you will have access to your data. When your data is accessed via the internet the Meddbase server will negotiate a secure link with the end user. This is called SSL. Many common web-based applications use this technology to secure their data. Organisations such as banks use SSL for online banking; online shops use it for credit card purchases. SSL is a proven method of internet security and one which is recognised as the best.