Cybersecurity for MediData Network

MediData partners with Adnovum to protect healthcare data for service billing

https://f.hubspotusercontent-eu1.net/hubfs/25013463/IMAGES/03_Clients/MediData/medidata_testimonial.png

«The core challenge of the project was to secure the new MediData Network in such a way that only authorized individuals could access sensitive data.»

Cristiano Dias

Software Developer at MediData

The challenge

To optimally prepare for the future, MediData started building a new «MediData Network» in 2017. A powerful platform with up-to-date security that offers users high-level comfort and additional services alongside service billing.

The MediData Network is provided in three different infrastructure formats. With the MediData Box, smaller practices and organizations receive a mini-computer as a stand-alone connection, while larger medical practices, which often work with a virtual IT infrastructure, receive a virtual appliance. In addition, a technical solution is provided for software providers that operate their industry applications in the cloud. Users are generally provided with online services and products that run exclusively on an appliance provided by MediData.

These products also include service billing in the form of so-called «transport products». MediData only provides the infrastructure for such data transport and cannot read the encrypted data itself. Therefore, the core challenge of the project was to secure the new MediData Network in such a way that only authorized individuals could access sensitive data.

The solution

In collaboration with Adnovum, MediData initially devised its security concept in 2017. During the implementation of its new platform over the following two years, MediData benefited from Adnovum’s technical expertise. Within the MediData Network, the individual applications – including the customer portal, in which customers can configure their settings, and the internal support department tool – are protected by the Nevis Identity Suite.

To ensure that no unauthorized individuals can access sensitive billing details, the appliance products are secured by OAuth. Users register using a private and a public key, while access is provided via an access token. Adnovum guided the technical implementation of the project and helped meet one specific challenge during the project: user registration would expire after a short period of time. For this reason, MediData and Adnovum developed a system to automatically renew the registration. Ensuring multi-client support was also an important point. As some admins are healthcare practice assistants who work in a group medical practice but act as administrators for multiple organizational units, ensuring multi-client support was crucial. Therefore, a solution to assign different roles to users covering multiple units was adopted.

MediData is Switzerland’s leading platform for the transmission of digital service bills in the healthcare sector. Approximately 85% of all invoices sent digitally in Switzerland are transmitted via MediData’s servers. In 2020 alone, this equated to around 82 million documents. The company’s network includes every insurer in Switzerland, 98% of pharmacies, 95% of accident insurance providers, hospitals and laboratories, 11,000 doctors and many other healthcare professionals. MediData can therefore rightly claim to be the digital backbone of the Swiss healthcare system.

Mehr erfahren

Curious? Let’s talk.

Benefits of MediData

Now only authorized individuals can access sensitive data

Within the MediData Network, the individual applications – including the customer portal, in which customers can configure their settings, and the internal support department tool – are now secure

Users register with the system using a private and a public key while access is provided via an access token – and is automatically renewed

A solution to assign different roles to users covering multiple units was adopted