MediData uses Nevis software to protect healthcare data for service billing
To ensure that it is optimally positioned for the future, MediData began building a new “MediData Network” in 2017. The new platform is exceptionally powerful and up to date in terms of security. It also offers users greater convenience and additional services alongside service billing.
The MediData network is provided in three different infrastructure formats. With the MediData Box, smaller practices and organisations receive a mini-computer as a stand-alone connection, while larger practices, which often work with a virtual IT infrastructure, receive a virtual appliance. In addition, a technical solution is provided for software providers that operate their industry applications in the cloud. Users are generally provided with online services and products that run exclusively on an appliance provided by MediData. These products also include service billing in the form of so-called “transport products”. MediData only provides the infrastructure for such data transport and cannot read the encrypted data itself.
The central challenge of the project was to secure the new MediData network in such a way that only authorised individuals could access the sensitive data.
In collaboration with Adnovum, MediData initially devised its security concept in 2017. During the implementation of its new platform over the following two years, MediData benefited significantly from Adnovum’s technical support. Within the MediData Network, the individual applications – including the customer portal, in which customers can configure their settings, and the internal support department tool – are protected by the Nevis Identity Suite.
To ensure that no unauthorised individuals can access the sensitive billing details, the appliance products are secured by OAuth. Users register with the system using a private key and a public key, while access is provided via an access token. The underlying technical expertise is delivered by Adnovum. A particular challenge arose from the fact that registration expires after a certain period. For this reason, MediData and Adnovum developed a framework in which registration is automatically renewed. Ensuring multi-client support was also an important point. This is because some of the admins are healthcare practice assistants who work in just one group practice but act as administrators for multiple organisational units. Using the Nevis tool, a solution was adopted that enabled users covering multiple units be added with a variety of different roles.