Planmeca Romexis® – privacy and security above all else

As cyber threats are increasing in volume and complexity, the importance of data privacy and security cannot be overstated. Keeping personal and patient data safe should be a top priority for all dental organisations and considered in all aspects of their operations. We have built security into our Planmeca Romexis® software since day one – making it easy for all users to follow responsible practices and meet tightening regulatory requirements.

The processing and archiving of sensitive and high-value patient information places high demands on dental organisations. The unauthorised viewing or theft of personal information and ransomware attacks are some of the risks dental organisations should protect themselves against. While software alone cannot eliminate all risks, a well-designed and correctly configured software can greatly help dental organisations in mitigating privacy and security risks.

Planmeca Romexis® is a mature tried-and-tested software that has had strong security built-in from its inception. In Romexis, the encryption of network traffic and passwords as well as granular user and permission management have always been standard features. Additionally, operating a single centralised software, such as Romexis, for all dental imaging greatly reduces the IT workload compared to managing multiple separate software with local patient databases on client workstations.

Over the years, Romexis has undergone several major security facelifts where the architecture has been further hardened. Its security design conforms with the requirements of CE and FDA certifications. Furthermore, every release is tested with industry-standard automatic vulnerability scanners, and the software is regularly reviewed by a 3rd party security consultant.

GDPR and HIPAA compliance

The Romexis software includes various features that allow organisations using it to process personal information to meet the regulatory demands in their area. Guidance on Romexis features that help your organisation reach compliance is available in the following document:

Planmeca Romexis Best Practices Related to GDPR (pdf)

3rd party security assessment

The security of Romexis has been reviewed by a 3rd party cybersecurity services company, Nixu Corporation. According to the review, Romexis received the best overall security status (good on a scale of good, moderate or inadequate).

Standard security features

Romexis has various built-in standard security features that allow your organisation to minimise the risk of malicious use of the software by internal users or external actors. Some of these features can be optionally enabled, and guidance for their proper use is available in the technical documentation of Romexis. These include basic features, such as per-user mandatory login and group level granular permissions to different Romexis functionalities.

List of standard security capabilities in Planmeca Romexis®

• Access management
  • Person authentication
  • Authorisation
  • Automatic log off
• Application hardening by limiting unnecessary ports and services

Compatible features that are not included in Romexis and that require user activity during the installation to enable

• Health data storage confidentiality
  • Database encryption using MS SQL transparent data encryption (TDE) feature
  • Operating system provided disk encryption
• Compatibility with standard data backup and disaster recovery software
• Compatibility with standard virus and malware protection

Please note that not all of the above are enabled by default but require user activity during the installation time. Please refer to the Romexis Technical Manual for detailed instructions.

Detailed checklists, such as Manufacturer Disclosure Statement for Medical Device Security (MDS2), are available upon request.

We strongly recommend that all our customers upgrade to the Romexis 6.3 version or newer and maintain their Romexis installation at the latest version to benefit from all the latest security improvements.

Text: Osku Sundqvist, Director, Software Business Development, Planmeca Oy
Image: Getty Images
 

Planmeca Oy and Planmeca Group
Planmeca Oy is one of the world's leading dental equipment manufacturers, with a product range covering digital dental units, CAD/CAM solutions, world-class 2D and 3D imaging devices and comprehensive software solutions. Privately owned and headquartered in Helsinki, Finland, the company offers a portfolio of products distributed in over 120 countries worldwide. Planmeca Oy is part of the Finnish Planmeca Group, which consists of several healthcare technology brands, each committed to innovation and design. With 4,500 employees worldwide, Planmeca Group companies achieved a combined pro forma turnover of EUR 1.2 billion in 2021.
www.planmeca.com

Tags: