Data security

High-level security and compliance.

High-level information security.

Medline follows industry best practices and complies with all applicable industry standards such as Personal Information Protection and Electronic Documents Act (PIPEDA), PHIPA, Health Insurance Portability and Accountability Act (HIPAA), SOC2, Medical Device Single Audit Program (MDSAP) as per FDA standards as well as ISO 27001.

Security and Compliance details 

  • Medline adheres to the highest standards of information security and performs annual internal and external audits of our security posture for corporate IT systems and software application.
  • Medline also conducts regular vulnerability scanning, penetration testing and static code analysis on all Skin & Wound products.
  • The NE1 mobile application can be used online and offline with background upload. All the data is secured and encrypted between the mobile device, NE1 dashboards and our cloud services.
    – Data encrypted in-flight (HTTPS TLS1.2)
    – Data encrypted at-rest (AES256)
  • Mobile applications cannot be run on rooted hardware devices, and data files are only stored within the secure application container and are removed once the application is uninstalled
  • Medline has implemented hardened benchmark AMIs, file integrity monitoring and intrusion detection into our SIEM centralized logging platform for security, alerting and auditability.

User Account Security Information

  • User access can be remotely administered: granted or revoked.
  • RBAC with support for custom roles allows for granular controls matching your company policies.
  • User password complexity / strength requirements configurable by policy.
  • User access token timeout based on app foreground and background.
  • Configurable PIN settings for balancing access convenience with IT security requirements.
  • Brute force protection with account lockout.

Cloud Backup, Recovery and Maintenance

  • The NE1 application has a 99.9% uptime with optimized content delivery.
  • All of our customer data is stored securely in AWS cloud (US-East and Canada-Central) with daily RDS backups retained for a 30 day period and binary payloads uploaded to S3 supporting cloud object versioning for easy backup and restore.
  • All patient data modifications are immutable to support data integrity and auditability.
  • NE1 utilizes blue/green deployments for zero downtime software updates.

Integration

  • NE1 API middleware leverages industry standard information exchange protocols like HL7 and FHIR to transfer information in real-time bi-directionally between your systems and the Skin & Wound App, eliminating double documentation.
  • Clinical staff can see the relevant patient list to optimize the experience at the bedside (via HL7 ADT).
  • Clinical staff can view the discrete wound data captured in the app within the Patient Flowsheet (via HL7 ORU).
  • NE1 supports federated authentication via Single-Sign-On with OAuth 2.0, SAML 2.0, LDAP, ADFS, Smart on FHIR as well as multi-factor authentication options including One-Time-Password over email.