Trust center
We are committed to accountability and integrity across all areas of our operations. Our Trust Center will always be updated with the latest information on how we adhere to our own and regulatory standards for security, privacy, and compliance.
Compliance
At MediBrix, we adhere to all applicable laws and regulations. As we work with information technology and handle personal data, we pay special attention to GDPR and EU guidelines. Additionally, we hold ourselves to the highest ethical standards.
We are committed to ensuring that your health information is handled as securely as possible. We continually strive to ensure that MediBrix and our services comply with all current national and European regulations.
Subcontractors
MediBrix uses subcontractors. Some provide infrastructure for our solution, while others offer technology that we use to create effective and secure services.
We are committed to ensuring that all personal data stored in our solution is encrypted and kept within the EU/EEA. We invest significant resources in protecting your data.
Many of our services require sharing certain information about you. For example, it might be with healthcare professionals you’ve scheduled an appointment with for a flu vaccination, or it could include phone numbers and payment details when making a purchase. Such information is necessary for the service you wish to use to function properly. We only process information that is strictly necessary.
We have established data processing agreements with our subcontractors to ensure information security throughout all stages of processing. These agreements allow us to manage the subcontractor’s use through inspection, control, and restriction. For subcontractors located outside the EU/EEA, we also enter into the EU’s standard contract for transfers to third countries or other approved transfer mechanisms, with additional safeguards if needed. We also assess whether subcontractors meet the EU’s heightened privacy requirements. We continuously work to ensure that we and our subcontractors comply with privacy regulations, regardless of their location.
Security tests
We conduct continuous security tests of MediBrix. An external partner with expertise in testing technical integrity and information security for IT platforms performs regular security audits of MediBrix and reports the results to us.
Information security
MediBrix is a collaboration platform built on the leading information technology available in the market. Our technologists use the most secure coding methodologies when developing services.
At MediBrix, we are committed to excellence in security. Our operations are based on the information security standard Normen, and we also operate under a Zero Trust principle. This means we assume that we must make the solution as secure as possible to prevent unwanted events, regardless of their origin.
Our platform employs advanced encryption and secure login technologies. We have also designed the platform to include additional layers of encryption between services, between services and storage, and other platform functions.
At MediBrix, we have systems and personnel dedicated to continuously monitoring and managing information security and incidents. We also store our own personal data within Health Book, and we work collectively to ensure that our data is protected to the highest standard.
We systematically ensure that our services comply with the General Data Protection Regulation (GDPR) and current national laws.
Additionally, we are ISO 27001 certified, which is the most recognized international standard for information security. Our certification demonstrates our commitment to information security and our ongoing efforts to ensure that personal data remains protected. You can view our certificate here.
ISO certification
We have been ISO 27001 certified since January 2021, which means our Information Security Management System (ISMS) meets the requirements specified in ISO/IEC 27001:2022.
ISO 27001 is the most recognized international standard for information security globally. The standard takes a comprehensive approach to IT security and outlines best practices for protecting data and digital content.
Our certification demonstrates our commitment to information security and our ongoing efforts to ensure that personal data remains protected.
This is an ongoing process, and we undergo annual audits. We have recently completed our fourth ISO 27001 audit.
Download our security handbook
Our security handbook summarizes everything you need to know about security in Helseboka.