Brainlab Cloud Services: secure cloud image storage
The privacy and security of your and your patients’ personal information is our highest priority.
The following page describes the Brainlab Cloud Services security features we have within our software as well as the organizational policies Brainlab has in place to ensure the confidentiality of your personal information and all Protected Health Information (PHI) of your patients.
How we ensure the confidentiality of your personal information
Pseudonymized Patient Data
Brainlab Cloud Services offers the option to upload and share de-identified patient information by choosing a “Pseudonymization” option when uploading data. When this option is selected, users are reminded to remove visible patient information from the DICOM dataset before uploading.
Individual and Group Privacy Settings
Brainlab Cloud Services is a password-protected platform, which prevents profile and group information from appearing in Internet search engines. Users and groups may choose to prevent their contact information from being visible to other Brainlab Cloud Services users.
Brainlab Cloud Services is a secure image storage platform: images, attached documents, and comments are viewable only by the individual user and those contacts who have been granted access to the specific patient folder.
Brainlab Cloud Services users are able to define specific data handling permissions for each contact with whom they share patient data. Users define permissions for tasks including viewing, downloading, and uploading additional medical data.
Secure Data Centers
Brainlab Cloud Services offers secure online storage. All user-generated data is stored on servers that are located in secured facilities with 24/7/365 surveillance. Brainlab Cloud Services utilizes data centers which are ISO 27001, SOC 1/SSAE 16/ISAE 3402 (formerly SAS70), and FISMA certified and accredited.
Brainlab Cloud Services file data is stored within Amazon Web Services (AWS) S3, a robust storage service designed for 99.999999999% durability.
Brainlab Cloud Services user credentials, account data, and patient data are stored separately for increased security.
Advanced key management and access control systems ensure that Brainlab Cloud Services patient data is accessible only to users who own the data or have been explicitly granted access rights by the data owner.
All patient data for registered users in the United States is stored only on servers located within the US, and all patient data for registered users in Europe is stored only on servers located within the EU.
SSL Encryption and Password Security
Brainlab Cloud Services encrypts patient data during upload and download, as well as throughout the entire storage period.
Brainlab Cloud Services employs the SSL/TLS data transmission protocol. The supported protocol versions and signature algorithms are frequently monitored and tested. Client handshakes with insecure or deprecated protocol versions are blocked by the Brainlab Cloud Services platform. All files stored within Brainlab Cloud Services are encrypted using the AES symmetric-key encryption standard with a 256-bit key. The underlying Quentry.com certificate is issued by GlobalSign.
Brainlab Cloud Services user passwords must be at least 8 alphanumeric characters long, must contain both upper-case and lower-case letters and at least one numeral, and are case sensitive.
Security Certifications
HIPAA Compliance
Brainlab is committed to complying with applicable rules and regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH) through the implementation of stringent privacy and security policies and procedures.
Brainlab has defined the following roles and responsibilities and has measures in place to meet or exceed HIPAA compliance:
Brainlab employs a HIPAA/Security & Data Privacy Officer who is responsible for compliance with HIPAA/HITECH rules as well as Federal and State laws relevant to privacy and compliance.
Brainlab also has dedicated HIPAA responsible personnel for individual products. It is their responsibility to coordinate compliance with the HIPAA Security Rule, to fully understand how it applies to their product, to oversee the enforcement of patient privacy rights for the complete product lifecycle, and to receive and respond to complaints of alleged non-compliance with HIPAA.
Brainlab trains all employees on HIPAA and Data Privacy Protection and issues guidelines for handling personal data in accordance with HIPAA.
Grade A rating from Intel® McAfee security assessment
Sensitive patient data should remain secure and never fall into the wrong hands.
We have gone to great lengths to ensure a high level of security is built into Brainlab Cloud Services, to minimize the risk of outside threats.
A security assessment conducted by Intel® McAfee evaluated exposure to known security vulnerabilities to determine the extent to which these services are susceptible to an attack or penetration from the Internet.
The test concluded that Brainlab Cloud Services is subject to a low risk of attack and received a Grade A (highly secure) rating.
See Affirmation Letter from Intel for more details.