Key Security Features:
- Permissions and roles management allows you to determine staff access levels.
- Customisable password strength requirements and expiry.
- Compatibility with all major HL7 secure messaging systems.
Doctor's App Security
The Doctor’s App connects to the Gateway via HTTPS. As the user moves around the app, information is retrieved from the Clinic via calls through the API Gateway to the API Service. No data is cached or saved to the device.
Authentication is set up by enabling the user for the Dr’s App in the Security dialog in Zedmed Office. A QR code is presented to the user, which they then scan with the App on the phone. The user then enters their Zedmed username and password into the App to authenticate. If this is the first time the user has logged in on this device, a one-time pad is sent via SMS and the user is prompted to enter this number into the App.
The Gateway receives REST requests from the Dr’s Apps, looks up the connection for the clinic from information in the request, repackages the request and sends it to the API Service via the web socket connection. When the response from the API Service is returned, it is unpacked, the original connection from the Dr’s App is looked up and the response is returned to the Dr’s App.
The Gateway also handles sending the one-time pad via SMS to the Dr’s App during the initial pairing of the Dr’s App to the Clinic’s API Service.
The API Service is installed on the Clinic’s Zedmed server. It connects to the Gateway via a web socket or long poll and receives requests through this connection. This connection does not require opening any external ports on the clinic’s firewall. Each request is received, the user’s authentication is checked, and then the requested data is retrieved from the database and sent back to the Gateway.
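The relay flow described above, sketched as an added example that is not Zedmed's code: the Gateway routes each request to the clinic's service-initiated connection, matches the reply back to the originating app connection by request id, and the API Service checks authentication on every request. All class names, message fields, status codes and the in-memory queue standing in for the web socket are assumptions.

```python
import itertools
from collections import deque

class ApiService:
    """Hypothetical clinic-side service: authentication is checked on every request."""
    def __init__(self, sessions, records):
        self.sessions = sessions      # constructed sample: token -> username
        self.records = records        # constructed stand-in for the clinic database

    def handle(self, envelope):
        req = envelope["request"]
        if req.get("token") not in self.sessions:
            body = {"status": 401, "error": "not authenticated"}
        else:
            body = {"status": 200, "data": self.records.get(req.get("path"))}
        return {"id": envelope["id"], "response": body}

class Gateway:
    """Hypothetical gateway: routes by clinic id, correlates replies by request id."""
    def __init__(self):
        self.clinics = {}             # clinic id -> queue (the connection the service opened)
        self.pending = {}             # request id -> (clinic id, app connection id)
        self.ids = itertools.count(1)

    def register(self, clinic_id):
        return self.clinics.setdefault(clinic_id, deque())

    def submit(self, app_conn, clinic_id, request):
        if clinic_id not in self.clinics:
            return {"status": 503, "error": "clinic not connected"}
        rid = next(self.ids)
        self.pending[rid] = (clinic_id, app_conn)
        self.clinics[clinic_id].append({"id": rid, "request": request})
        return None                   # the reply arrives later through deliver()

    def deliver(self, clinic_id, envelope):
        entry = self.pending.get(envelope.get("id"))
        # Drop replies with unknown ids, or from a clinic that was never sent the request.
        if entry is None or entry[0] != clinic_id:
            return None
        del self.pending[envelope["id"]]
        return entry[1], envelope["response"]

def round_trip(gw, svc, clinic_id, app_conn, request):
    early = gw.submit(app_conn, clinic_id, request)
    if early is not None:
        return app_conn, early
    envelope = gw.clinics[clinic_id].popleft()   # service reads from its own connection
    return gw.deliver(clinic_id, svc.handle(envelope))
```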