Security concept at TOM
Your treatment data in TOM is linked with a randomly generated 12-digit recovery code. This code is stored separately from your health data and is also encrypted. Only you know this number. Even we cannot access it. That’s why it’s important to keep your recovery code safe.
Secure servers in Germany
All your data is stored in a data centre in Germany certified to ISO 27001 and ISO 9001.
Encryption
Asymmetric encryption is used whenever data is transferred between TOM and the servers. A communication protocol ensures that the data is transferred securely; it is regularly reviewed and adjusted to meet security requirements.
Data storage
Your personal health data is always stored in encrypted form. At no point does your data become readable in unencrypted form. The concept of TOM, and the whole system, follows the ‘security by design’ principle to incorporate all the relevant security elements.
Helping improve treatment adherence
As a matter of principle, no personal data is passed to third parties. Through TOM, we help people to adhere to their treatment; in doing so, we contribute to better healthcare and, in turn, to medical advancement. The anonymous TOM treatment data is provided for research purposes in aggregate form only.
System monitoring
The live environment and all the connected systems and applications are monitored continuously, 24/7, 365 days a year, so that we can act promptly to prevent a critical system state.
We use standardised and individual tests to regularly review the security requirements. This not only ensures that the applications remain stable, but also identifies any potential security gaps early on.