MEDICOM does not retain or store electronic protected health information (ePHI), because health information is shared, viewed, and accessed directly from each source through a proprietary peer-to-peer mechanism.
MEDICOM’s servers are used to authenticate two peers so that they can establish a connection and to record an audit entry for each transfer. The connection between the two peers and MEDICOM’s servers is severed before any data is transmitted through the peer-to-peer data channel.
INDUSTRY-LEADING ENCRYPTION
MEDICOM utilizes a proprietary encryption method to provide industry-leading security. Connections established by MEDICOM’s server are created using 2048 asymmetric DTLS keys, and AES-256 keys are used to encrypt data at rest. Additionally, MEDICOM’s system requires a DTLS handshake to set up a data channel between peers.
COMPLIANCE & SECURITY TEAM
MEDICOM has an internal compliance and security team (CST) that oversees all compliance policies, procedures, and security assessments.
ROLE-BASED PERMISSIONS
MEDICOM’s system gives administrators the ability to assign user privileges and roles at a granular level. This granularity restricts users to accessing only what is pertinent to their job functions and ensures that access controls remain consistent with internal policies.