Maximum Protection of Health Data
IT security and data protection are central foundations of digitalization in healthcare. In developing our platform, we rely on secure infrastructure, strict data protection principles and certified standards.

What you can count onwith Recare
Health data is among the most sensitive data. That's why we apply the highest security standards for our infrastructure, development and operations.

Encryption of Sensitive Data
Messages, documents and metadata are transmitted in encrypted form across all communication channels.

No AI Training with Patient Data
Patient data is not used for AI training. We exclusively use anonymized and aggregated data without personal references.
.avif)
Secure Infrastructure
Our platform runs on proven technologies and is operated on servers in Germany.

Strict Data Protection Principles
Data is processed in the smallest possible quantity at every step of the process.
Certifications and Regulatory Standards
Recare is ISO 27001-certified, fulfilling the international standard for information security management systems.
In August 2024, Recare received its attestation under the BSI Cloud Computing Compliance Criteria Catalogue. In June 2025, the C5 Type 2 attestation followed.
We fulfil all technical and organizational measures of the General Data Protection Regulation as well as national data protection and hospital laws.
Technical Security Architecture
Patient data is encrypted in the customer's internet browser before being transmitted to Recare.
Encryption ensures data remains protected even in the event of a breach. Additionally, we have outsourced part of the encryption to a third-party provider based in the EU, creating an additional physical barrier between the encrypted data and its corresponding keys.
The processing of patient data takes place exclusively within
the European Union.
We commission annual penetration tests as well as code and platform security reviews by external parties to rigorously test our platform. Additionally, emergency simulations are conducted to practice system recovery.
Industry Standards and Interoperability
Since our founding, we have relied on end-to-end encryption for sensitive content. The exchange of messages and data is encrypted, GDPR-compliant and fully documented — including for MDK audits.
Recare is actively involved in the early development of industry-wide standards such as ISiK, ISiP or MIO, and supports structured data exchange in healthcare.
Messages, documents and metadata are transmitted in encrypted form across all communication channels.
FAQs on Data Protection
Health data is among the most sensitive data. Recare therefore relies on multiple security mechanisms: encryption of sensitive data, strict data protection principles during processing, and a secure infrastructure on servers in Germany.
Yes. Messages, documents and metadata are transmitted in encrypted form across all communication channels. Patient data is encrypted in the customer's internet browser before being transmitted to Recare.
The processing of patient data and hosting take place exclusively in Germany.
Recare is ISO 27001-certified, fulfilling the international standard for information security management systems. Additionally, the platform holds an attestation under the BSI Cloud Computing Compliance Criteria Catalogue (C5).
Recare regularly commissions penetration tests and code and platform security reviews by external parties. Additionally, emergency simulations are conducted to test system recovery in case of an incident.
Rethink care. Plan next steps.
Find out in a no-obligation consultation how AI-powered workflows can simplify administrative processes.

