Medicus IAM is the identity and security service behind Medicus. It signs you in, protects your account, and keeps you in control of your data across every Medicus product.
Built on OAuth 2.0 and OpenID Connect, the same protocols trusted by banks and major platforms, so your password is never shared with the apps you use.
Add a second layer with an authenticator app (TOTP) or a passkey (WebAuthn), so only you can get in, even if your password is ever exposed.
Your data is encrypted in transit with TLS and at rest with AES-256. Passwords are never stored in plain text; we keep only a salted PBKDF2 (HMAC-SHA256) hash. Your sign-in tokens are RS256-signed, short-lived, and rotate automatically, so a stolen token can't be reused.
Granular, unbundled consent for our Terms and Privacy Policy, with a full, versioned audit trail. You can review, export, or delete your data at any time.
Every security-relevant action is logged and continuously monitored, and strict tenant isolation keeps each organisation's data fully separate, protected to medical-data standards.
Built on open standards
Medicus is built to healthcare standards, independently aligned with the regulations that protect your health data.