Secure computing infrastructure

Building confidence through data quality and security

Our infrastructure is designed to uphold high standards of security while maintaining data quality through accurate metadata, consistent labeling, and adherence to industry best practices. By combining multi-layered security with rigorous data governance, we provide a trusted foundation for data that is protected, precise, and ready for use.

Data de-identification process

Data collected for research purposes is de-identified to the highest standard before it is transferred out of the clinical environment.

De-identification methods include identifier tokenization by cryptographic hashing and date shifting. De-identification maintains longitudinal relationships in the data without compromising Personally Identifiable Information (PII).
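
An added example, not IDHea's code, of how hashing-based tokenization and date shifting can keep longitudinal relationships intact: every record for one patient gets the same token and the same date offset, so intervals between visits survive. The keyed hash (HMAC-SHA256), the way the offset is derived, the 182-day window, the key, and the field names are all assumptions; the page does not specify them.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed demo key (assumption). A plain unkeyed hash of a short identifier
# can be reversed by hashing every possible identifier, so a secret key is used.
SECRET_KEY = b"constructed-demo-key-not-for-production"
MAX_SHIFT_DAYS = 182  # assumed window: each patient shifts by 1..182 days either way


def _prf(label: bytes, identifier: str) -> bytes:
    """HMAC-SHA256 with a purpose label so token and shift are independent."""
    msg = label + b"\x00" + identifier.encode("utf-8")
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()


def tokenize(identifier: str) -> str:
    """Stable pseudonym: the same identifier always yields the same token."""
    return _prf(b"token", identifier).hex()[:32]


def shift_days(identifier: str) -> int:
    """Per-patient offset in [-182, -1] or [1, 182]; a zero shift is skipped."""
    n = int.from_bytes(_prf(b"shift", identifier)[:8], "big")
    offset = n % (2 * MAX_SHIFT_DAYS) - MAX_SHIFT_DAYS  # [-182, 181]
    return offset if offset < 0 else offset + 1


def deidentify(record: dict) -> dict:
    """Replace the identifier with a token and shift the date; keep the payload."""
    pid = record["patient_id"]
    return {
        "patient_token": tokenize(pid),
        "visit_date": record["visit_date"] + timedelta(days=shift_days(pid)),
        "finding": record["finding"],
    }


# Constructed sample records (hypothetical field names and values).
RECORDS = [
    {"patient_id": "P-0001", "visit_date": date(2021, 3, 1), "finding": "baseline"},
    {"patient_id": "P-0001", "visit_date": date(2021, 6, 14), "finding": "follow-up"},
    {"patient_id": "P-0002", "visit_date": date(2021, 3, 1), "finding": "baseline"},
]


def demo() -> list:
    return [deidentify(r) for r in RECORDS]
```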

Data cleaning process

IDHea invests in its rich repository of real-world data by employing cleaning mechanisms that ensure that the data is efficiently structured, consistent, and complete.

Cloud multi-layered security

IDHea has implemented a proactive, layered security approach that employs several distinct security components, each of which serves a particular function, to safeguard operations, computing infrastructure, and services.

IDHea’s multi-layered security strategy includes the following safeguards:

| Layer | Safeguards |
| --- | --- |
| Physical layer | Physical security by Microsoft for Azure data centers. |
| Data link layer | Logical segmentation, Network Security Groups (NSGs) for resource isolation and filtering, security monitoring for unauthorized access. |
| Network layer | Azure firewalls, virtual network segmentation, and traffic monitoring. |
| Transport layer | Role-based access control (RBAC), encryption in transit, firewall-based filtering, monitoring for suspicious traffic. |
| Session layer | Single sign-on (SSO), multi-factor authentication (MFA), session timeouts, and monitoring for unauthorized access. |
| Presentation layer | RBAC, key-based encryption for data at rest, TLS for in-transit encryption, and monitoring. |
| Application layer | RBAC, Azure Firewall (L7), PaaS firewalls, Databricks dedicated workspaces and access control (SSO, MFA), virtual network segmentation, with monitoring for application-level threats. |
