How Dermi Atlas keeps patient data where it belongs, within the clinic, through a local-first architecture designed for healthcare compliance.

Patient data security in healthcare imaging is not simply a matter of encryption and access controls. It begins with a fundamental question: where does the data live, and who controls it? Dermi Atlas was architected around the principle that patient imaging data should remain within the clinical environment that creates it.
Dermi Atlas Professional is deployed on infrastructure owned and operated by the healthcare practice. Patient images, records, and metadata are stored locally. The clinical application does not transmit patient data to external cloud servers, third-party analytics services, or remote processing systems during normal use. Administrative traffic such as license verification, software updates, and password recovery flows between the deployment and Dermi services; the authoritative description of what Dermi processes is set out in the Dermi Privacy Policy.
This local-first approach means the practice maintains custody of its patient data at all times. There is no dependency on external service availability for accessing patient records. If internet connectivity is lost, Dermi Atlas Professional continues to function without interruption.
All communication between client devices and the Dermi Atlas Professional server is encrypted using TLS. This includes both HTTPS for the web application and WSS (WebSocket Secure) for real-time synchronization. Dermi Atlas Manager provides automated self-signed certificate generation, with automatic detection of IP address changes and certificate rotation when needed.
Dermi Atlas Professional includes a configurable audit logging system that records access to patient data, authentication events, and administrative actions. Audit logs support compliance requirements by providing a verifiable record of system activity. Detailed configuration options are documented in the Audit Logging Configuration guide.
The security architecture of Dermi Atlas Professional is designed to support compliance with major healthcare privacy regulations, including:
Detailed compliance guidance is available in the HIPAA Compliance Guide, PIPEDA Compliance Guide, and Data Security Architecture documentation.
The Dermi commercial model is based on software licensing rather than the resale or secondary use of patient data. The handling of personal data, including any restrictions on secondary use, is governed by the Dermi Privacy Policy.