Data protection: We play it safe.

Nowhere else is data protection as important as in health care: Health data are special “personal data” as such and must be treated with special care. We take care that they are reliably protected – for a trustful doctor-patient relationship.

Maximum data protection thanks to strong encryption

Protecting the sensitive health data of your patients is particularly important to us.
For this reason Idana guarantees a high safety standard. Our innovative encryption concept is always kept up to date by our developers and checked for stability by an independent data protection officer.


Zero-Knowledge Encryption

No one but you can access your patient data.


Secure log-in to the system

Professional identity management via Auth0.


Fully automated backups

Your data will be comprehensively protected against loss.

Idana SafeCloud: Reliable and efficient

Idana SafeCloud technology stands for maximum comfort and data protection in everyday medical work.

Why a Cloud Database?

Cloud computing enables the provision of IT infrastructures such as storage space or computing power without the need for them to be stored locally. So the cloud is nothing else than a highly efficient, resource-efficient data center that offers you a number of advantages.

Advantages of the Cloud Database

Compared to local server solutions, a cloud database offers you tangible advantages in everyday practice:

  • Location- and device-independent access to your own data
  • No installation and maintenance of own servers
  • Conserving resources – for environmentally conscious IT
  • High speed and reliability
  • Best data security thanks to professional data centers


Is Medical Secrecy Guaranteed?

Idana SafeCloud technology encrypts all patient data in the client, i.e. on the PC/tablet/smartphone, and stores it in encrypted form in the cloud database. Neither we nor the operators of the data centers can read your data – because only you have the correct key for decryption.

This type of encryption makes patient data anonymous for third parties before it is transferred to the Idana SafeCloud and allows you to use the cloud database in full compliance with basic data protection regulations, state hospital laws and medical confidentiality. We have had this confirmed by the lawyer and data protection officer Klaus-Christian Falkner.

Is Idana HIPAA Compliant?

Although our Idana SafeCloud technology makes patient health information unreadable before it is transmitted (thus counting as no-view service), a business asscociate agreement (BAA) is required to ensure confidentialiy, integrity and availability in accordance to the HIPAA Security Rule (, section 2)

At this moment, we cannot provide a BAA.

However, US customers can rely on Idana Local where encrypted patient health information is only stored by us temporarily before it is sent to your own database. In this case, the HIPAA Conduit Exception Rule can be applied, waiving the need for entering into a BAA with us (, section 3).

Your time is too valuable to waste on IT
– that’s why we developed the Idana SafeCloud.

Idana Local: Database on Your Own Server

You want to store patient information on your own server?

That’s possible! We have developed Idana Local especially for clinics.

Idana Local stores all patient data on a local database. New answers can still be imported via the Internet – even remotely – without opening your own firewall. This is made possible by Idana Local immediately copying incoming responses to the local database and deleting them from the cloud database.

Idana Local is available to all users as an add-on module.

Tomes GmbH
 Engesserstr. 4a | D-79108 Freiburg
 +49 761 6006784-0

© Tomes GmbH 2018

The information provided by Idana may not be interpreted or used as a substitute for medical advice and therapy. The application is not intended to replace or provide a basis for medical diagnoses and/or treatments. The application is not a medical device according to its intended purpose. The provider accepts no liability for consequences resulting from the user or third parties using the data and information entered or generated.