Security

Data processed by the Meddbase system is encrypted using high levels of security and protected by state of the art security devices. Copies of the data are kept in multiple separate data centre locations ensuring quick fail-over should an issue occur.

Security Standards

Our Information Security and Compliance program is committed to demonstrating industry best practices that assure current and future customers. This is monitored by both our internal team and by third-party industry experts.

Meddbase Medical Management Systems is accredited to ISO 27001:2013, NHS Data Security and Protection Toolkit (DSP Toolkit) and strictly follows GDPR. A copy of our current ISO certificate can be found here.

The Meddbase platform and our operating standards adhere to HIPAA & PIPEDA guidelines to ensure the safeguarding of electronic personal health data (ePHI).

Disaster Recovery

Meddbase offers your practice a reliable disaster recovery plan should the worst happen. In the event of a disaster at the practice such as a fire, flood or break-in, Meddbase customers are able to relocate to any location with an Internet connection and PC, and be up and running with full access to patients files and information in minutes, without any worries about data loss at their primary location.

Role-Based Access

The Meddbase practice management system has in-built security allowing you to setup specific rules governing the individuals and groups within your organisation who have access to specific data sets.

Meddbase is also designed to be a multi-location application and the security policy management reflects this, allowing organisations to setup security around patients within specific branches or locations or restricting users to data access relevant within their local practice or office.

A system administrator can create high level groups such as “Doctors” or “Accountants” and setup basic security, or choose to setup a more granular security policy.

Security policies can be setup to restrict access to specific patient records, areas of the medical record such as patient documentation, or restrict access to financial data and confidential company contracts.

If a user finds they require access to a specific part of the application, or even a restricted patient record, they are prompted with a security alert box which in turn gives them the option to request access from the Administrator or Administrator group, dependant on your setup.

The system will prompt the logged-in administrator to grant access in real time, or if the administrator is not logged in, an email can be sent requesting access.

Chambers and sub-organisation security

The Meddbase security system allows the setup of a chamber-style hierarchical company structure, offering organisations the option to setup and create sub-organisational structures. The system administrator can setup users and roles under each sub-organisation and furthermore setup granular security rights within the sub-organisation.

Each sub-organisation contains its own setup of patients, scheduling information and financial data. Users from the main organisation can be granted access rights to specific areas of the sub-organisation, such as scheduling information, or access can be completely restricted.