Trust and Data Privacy
iCure adheres to the highest security and privacy standards through asymmetric end-to-end encryption. It replicates the trust network among healthcare professionals using a PKI (Private Key Infrastructure). Encrypted on HCP computer. Stored encrypted in the cloud. Open source and externally auditable encryption algorithms.
iCure manages massive sets of medical information in the cloud and must ensure that this data stays private. Breach of privacy or misuse of medical data can have disastrous consequences for the patient and the provider. iCure limits the risk of those breaches for the solution provider and the application stakeholders by ensuring that the data is anonymized and encrypted on the computer as it is being typed, using a keys system that prevents anyone but the key holders to decrypt it.
When data needs to be exchanged between two HCPs, a peer-to-peer exchange of keys allows the information to be shared. Even when it is shared, the access to the data is still controlled by the encryption algorithm. Access rights cannot be circumvented, as they are enforced through cryptography. By sharing data with peers, the HCPs build a trust network that replicates the real-life trust network that emerges around a patient being treated by a care team. iCure integrates a roles/rules engine, to automatically share (specific) data with designated healthcare professionals.
Public key/private key encryption is central in the iCure data model. Each sensitive piece of data is protected when created using a unique encryption key, cryptographically shared with the HCPs that need to access this specific information. Sensitive data is never saved in clear inside the local or remote database. This ensures that any subsequent synchronization only pushes encrypted data in the cloud.
The source code responsible for the encryption and recording of medical data is Open Source, the algorithms are public and available for audit. This ensures that the process taking place during the collection and encryption of information is secure and that no information can be leaked before it is protected by the HCP keys.
Read on gitbook