Secure sharing
Healthcare ecosystems are moving towards interoperability. All stakeholders want to be able to access relevant patient records, medical devices or mobile health apps data.
Scaled Access's externalised authorization platform offers healthcare institutions and medtech companies the ability to scale access and empower care providers or patients to conveniently share records or tools themselves.
Our cloud-based engine grants personalised permissions in a blink of an eye, by retrieving information about the access request – what type of person wants to access which records to do what - and matching them with the access policy rules in place.
.
Not a patient, your patient
We help health institutions and medtech companies build the access policy rules and define use cases to ensure only the right people are getting access.
Our advanced authorization logic includes roles, attributes and relationships.
For example, you can create a rule that the patient’s primary care doctor can share the patient's physiological data with a specialist or that the patient can share their own data
with family members.
After all, the focal point of healthcare is the patient - time to let them have more control.
Telemedicine &
preventive healthcare
Telemedicine security includes specific problems such as secure access to video conferencing, privacy as well as physical safety.
Physical safety, for example, detection of hypertension, has to be evaluated remotely. Scaled Access provides vital fine-grained access to preventive health care apps data and functionalities, while safeguarding the patient's data protection rights.
Patient consent
Access to health and genetic data should only be given with explicit patient consent (with some break glass mode exceptions).
We ensure patient records are accessed strictly under the conditions that the patient gave explicit consent to. That means without consent, no authorization is given.
We of course also provide user-to-application consent.
Built for privacy & security
Healthcare networks are comprised of actors who use various devices to request access. Authorization is granted in the form of OAuth 2.0 JWT access tokens in real time.
These tokens are used exclusively to grant permissions. They do not include any identifiable information about the user nor the circumstances of access. All that information remains hidden and cannot be intercepted.