Recare AI Summit 2026 – Keynote now available.
Watch now →
Infrastructure

Maximum Protection of Health Data

IT security and data protection are central foundations of digitalization in healthcare. In developing our platform, we rely on secure infrastructure, strict data protection principles and certified standards.

ISO 27001-certified
BSI C5 Attestation
GDPR-compliant
Hosting in Germany
Graphic showing IT security and certifications at Recare
IT Security & Data Protection

What you can count onwith Recare

Health data is among the most sensitive data. That's why we apply the highest security standards for our infrastructure, development and operations.

Graphic showing end-to-end encryption at Recare

Encryption of Sensitive Data

Messages, documents and metadata are transmitted in encrypted form across all communication channels.

Älterer Mann mit weißem Bart und blauer Hemdbluse lächelt und spricht mit einer Krankenschwester.

No AI Training with Patient Data

Patient data is not used for AI training. We exclusively use anonymized and aggregated data without personal references.

Server room and data centre for secure health data

Secure Infrastructure

Our platform runs on proven technologies and is operated on servers in Germany.

Illustration of data protection principles at Recare

Strict Data Protection Principles

Data is processed in the smallest possible quantity at every step of the process.

Certifications and Regulatory Standards

ISO 27001

Recare is ISO 27001-certified, fulfilling the international standard for information security management systems.

BSI C5 Attestation

In August 2024, Recare received its attestation under the BSI Cloud Computing Compliance Criteria Catalogue. In June 2025, the C5 Type 2 attestation followed.

GDPR-Compliant Data Processing

We fulfil all technical and organizational measures of the General Data Protection Regulation as well as national data protection and hospital laws.

Technical Security Architecture

End-to-End Encryption

Patient data is encrypted in the customer's internet browser before being transmitted to Recare.

Zero-Knowledge Approach

Encryption ensures data remains protected even in the event of a breach. Additionally, we have outsourced part of the encryption to a third-party provider based in the EU, creating an additional physical barrier between the encrypted data and its corresponding keys.

Data Processing in Germany

The processing of patient data takes place exclusively within
the European Union.

Regular Security Audits

We commission annual penetration tests as well as code and platform security reviews by external parties to rigorously test our platform. Additionally, emergency simulations are conducted to practice system recovery.

Industry Standards and Interoperability

Pioneer Experience in IT Security

Since our founding, we have relied on end-to-end encryption for sensitive content. The exchange of messages and data is encrypted, GDPR-compliant and fully documented — including for MDK audits.

Interoperability in Healthcare

Recare is actively involved in the early development of industry-wide standards such as ISiK, ISiP or MIO, and supports structured data exchange in healthcare.

Secure Communication Between Facilities

Messages, documents and metadata are transmitted in encrypted form across all communication channels.

Speaker profile photo at Recare AI Summit 2026

"Our conviction: Encryption technologies at the highest technological standard should be the norm for platforms in healthcare. Since our founding, we have always strived to guarantee maximum security for our customers and patients."

Miguel Pereira
Director of Engineering, Recare

FAQs on Data Protection

How does Recare protect sensitive health data?

Health data is among the most sensitive data. Recare therefore relies on multiple security mechanisms: encryption of sensitive data, strict data protection principles during processing, and a secure infrastructure on servers in Germany.

Is data transmitted in encrypted form at Recare?

Yes. Messages, documents and metadata are transmitted in encrypted form across all communication channels. Patient data is encrypted in the customer's internet browser before being transmitted to Recare.

Where is data processed?

The processing of patient data and hosting take place exclusively in Germany.

What certifications and security standards does Recare meet?

Recare is ISO 27001-certified, fulfilling the international standard for information security management systems. Additionally, the platform holds an attestation under the BSI Cloud Computing Compliance Criteria Catalogue (C5).

How does Recare ensure a secure platform in operation?

Recare regularly commissions penetration tests and code and platform security reviews by external parties. Additionally, emergency simulations are conducted to test system recovery in case of an incident.

Rethink care. Plan next steps.

Find out in a no-obligation consultation how AI-powered workflows can simplify administrative processes.

Young man with glasses and blue shirt smiling while working on a laptop

Simpliant

Recare is supported by the external data protection and IT security consultancy Simpliant GmbH.