Since inception MedStamp’s products have been designed to offer a compliant and secure medical image transfer and viewing platform. Our remote reporting and clinical trials solutions were created in collaboration with a leading clinical trials organisation and healthcare provider and with input from medical professionals.
Before any data is transferred it’s encrypted and compressed by the client application. While on the server the data remains compressed and encrypted at all times. Studies are automatically deleted from the server 24 hours after the study has been accessed. The server is located in a secure data centre and managed by a company which has been awarded an internationally recognised security standard (ISO27001). Alternatively the service can be deployed on the clients own servers.
Use of the integrated viewing platform enables patient data to be encrypted at all times. An authenticated client session is required to access the data. This means that if a laptop running the service is lost, patient data remains secure. For a study to be accessed by other applications it has to be exported from the MedStamp system.
Patient data is exchanged between specific named accounts. The system administrator is able to specify password policies. The controls enable compliance with FDA21 Part 11. The available policies and controls are:
- Force change of password at first sign on.
- Password changing, expiry after specified period of times.
- Secure server logging of sign on attempts.
- At no point are passwords stored on the client application, nor are they transferred between the client and the server.
- Accounts can be locked to a MAC address – meaning that on request usage is locked to specific a specific computer or computers.
- Client version control and the ability to enforce use of specific versions.
- Administrator control over contact lists and image routing.
Additional controls available to the administrator through the administration tool include:
- De-personalisation and editing of DICOM tags enabling private data can be stripped from the DICOM images prior to sending.
- Deletion (and forwarding) of any transmission using its tracking id as a reference.
- Logging of end user activities. Activities logged include upload, reporting, digital signatures, eForm completion, any export from the closed system to a file store, forwarding of images etc.).
- Logging of administrator activities.
- Various reports including logged in status / last logged in, user activity, eForm listing, exported packages.
- The ability to apply digital signatures to eForms.
- Reports which are digitally signed.
Data is encrypted to the advanced encryption standard (AES 256 bit). The solution can work over HTTP, port 80. This means that the encrypted data mimics internet traffic which limits or nulls the need to open up firewalls. Where connectivity allows the application automatically makes use of this and data is transferred in a binary format allowing for quicker transfers.