Data Protection & Security

Your data.
In safe hands.

Data sovereignty over clinical data stays with the clinic. OnkoPass is operated in Germany, ISO 27001 certified, BSI C5 compliant and GDPR-compliant. For us, security isn’t an add-on but the foundation.

Certifications

Audited security.

ISO 27001
Certified for the highest standards of information security.
ISO/IEC 27001
BSI C5
Compliant with the BSI Cloud Computing criteria catalog (C5).
BSI C5 compliant
Frankfurt
Server location Germany. Data stays within the European Economic Area.
AWS Region Frankfurt am Main
GDPR
Compliant, with data processing agreements and transparent consent.
EU General Data Protection Regulation
Data sovereignty

The clinic remains
the owner of its data.

Data sovereignty lies with the clinic and its patients. They decide on access, purpose and retention.

Ownership & access
Control stays with the clinic

Role-based access, traceable logging and clear responsibilities keep control where it belongs.

  • Data sovereignty with the clinic
  • Role-based access rights
  • Traceable audit logging
Consent
Transparent for patients

Patients stay in control: clear consent, revocable at any time, with a well-defined purpose.

  • Clear, understandable consent
  • Revocable at any time
  • Pseudonymization for analytics
Standards & interoperability

Open standards
instead of a data silo.

OnkoPass speaks the established languages of clinical IT and integrates securely into existing infrastructure.

FHIR R4

Resource-based exchange for connecting to hospital information systems and their subsystems.

HL7 v2

Message-based communication with established hospital and lab systems.

Encryption

Data in transit and at rest encrypted to current state-of-the-art standards.

Made in Germany

Developed and operated in Germany, ISO 27001 certified.

All certificates, security measures and compliance documents, transparent in one place.

Open Trust Center