

Compliance with Regulations & Standards


medXchange complies with the strictest data protection laws and regulations covering the protection of personal health and medical data. Positive opinions will be received by all European national data protection authorities and in particular the Swiss Federal Data Protection Commissioner and CNIL, the French Data Protection Commission.

In March of 1997, the US National Research Council (NRC) of the US National Academy of Sciences issued the report "For the Record: Protecting Electronic Health Information". Thirteen technical implementation practices were recommended.
medXchange complies with all thirteen recommendations. These are:

  • Individual authentication of physicians and healthcare professionals.
  • Access control to selected information and documentation in the individual Electronic Medical Record.
  • Audit controls and tracing of all data accesses, data entries and data updates.
  • Physical security and disaster recovery.
  • Protection of remote access points through secure sessions, firewalls and access key encryption.
  • Protection of external electronic communications through secure sessions and encryption.
  • Software discipline and protection from viruses and external attacks.
  • System assessments and audits on security and system vulnerability.
  • Strong authentication of physicians, healthcare professionals and patients.
  • World-wide authentication and unique healthcare professional and patient ID.
  • Expanded audit trails of world-wide trace and audit information.
  • Electronic authentication of records through electronic signature.

The medXchange Meta Database and services comply with the US Health Insurance Portability and Accountability Act of 1996, HIPAA Administrative Simplification.

HIPAA establishes US national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addresses the security and privacy of health data.

The "Projet Dossier Patient 2003" initiated by the Swiss University Hospitals has issued a quality standard evaluation document "Standards de qualité pour le dossier patient informatisé" (Quality standards for electronic patient records). Nine areas are evaluated which deal with business strategy, management commitment, partnerships, technology strategy, operations, patient and healthcare professional satisfaction, and effect on healthcare.
The Quality Standards for Electronic Patient Records is based on the Excellence Model of the European Foundation for Quality Management (EFQM). This model takes 9 basic criteria into account.



© 2001-2024 medXchange© AG, Zurich
This Page was created on 08.11.2001 and last modified on 16.01.2012