How we handle collected data
When you develop a remote monitoring service on mSafety, health data privacy is straightforward from day one. There is no need to patch privacy retroactively.
mSafety has a reliable data framework for managing and scaling IoT devices in a wearable-based service, built on the AWS IoT Core platform. With mSafety, the devices automatically and securely exchange data with the backend, without any input needed from the user or service provider.
The backend architecture manages the devices from the day of manufacturing. Once the customer endpoint is set up, the data is routed directly with secure, zero-touch onboarding.
mSafety provides a trusted integration to REST APIs for data and device management. mSafety customers can also adjust access management through the mSafety web interface or the APIs provided.
From hardware production to the customer endpoint, data security and privacy are built into the mSafety architecture. For instance, Sony controls the entire device manufacturing process and provides warranties for produced devices.
Thanks to the comprehensive chain of trust, once a customer’s devices are in operation, the application data from the wearable to the customer’s endpoint is end-to-end encrypted.
The interface between the wearable and the mSafety Cloud backend is secured through TLS 1.2 with mutual authentication of the server and the client (the wearable). A partner-unique TLS client private key and X.509 client certificate are provisioned into the wearable.
mSafety supports end-to-end encryption of application data from the partner’s wearable application to the partner’s endpoint, so that application data is never visible during transfer or in the mSafety Cloud backend.
With your service based on mSafety, you control all collected health data. No third party, including Sony, will have access to the sensor data you collect.
This is one of the many reasons a solution developed on mSafety becomes an organic part of your healthcare service, not an accessory. mSafety enables customers to fully manage and own the collected data. Of course, the solution meets both GDPR and HIPAA regulations.