CGM LIFE is a secure cloud platform to store, share and process medical data (“CGM Medical Cloud”). The CGM LIFE platform offers several features that allow you to concentrate on your solution while sparing effort and reducing cost by using an existing basis for healthcare solutions. This documentation describes the core concepts and the features of the CGM LIFE platform that you can use to build your own healthcare-related applications.
CGM LIFE consists of several modules that provide different services for your application. These services comprise health care related catalogs and directories, secure storage of personal medical data, support for communication workflows, and a common infrastructure for secure authentication, logging and rights management.
Anonymous and personalized access levels
Some of these services can be used anonymously, i.e. your application can use these services without any association to a specific person. Other services, e.g. storage of medical data, are personalized, i.e. tied to real persons and can only be used in the context of such a person. These persons are represented by users in CGM LIFE. To access these personalized services, your application must provide login functionality to your users. During login, the personalized context, that is required to access personal data in CGM LIFE, is established.
We believe that personal medical data is the most sensitive kind of data imaginable and that it must be protected at all costs against manipulation, theft or other illegitimate access by third parties. Therefore CGM LIFE provides enhanced security mechanisms that go far beyond the usual database encryption used for example by online banking solutions and many other, conventional healthcare services. CGM LIFE provides a unique security infrastructure by storing all medical data in encrypted form only, using keys that are never transmitted to the CGM LIFE servers. Instead, we use individual per-user, client-side encryption for all personal medical data. This means that medical data is encrypted on the user’s computer/device before being sent to CGM LIFE. In addition to this, we use digital signatures (also computed on the user’s device) to provide authenticity and integrity guarantees and cryptographic authentication of all users that access medical data.
Before you can use CGM LIFE in your application, you need to register your application in the CGM LIFE App Directory. The app directory is used to advertise your application to existing CGM LIFE users. It also manages the permissions that are granted to your application, enabling access to services and medical data. You can register your application through the Partner Application Center in the CGM LIFE Partner Portal.
When a user starts using your application, he will usually sign a contract with you, regulating the rights and duties associated with the usage of your app. Definition and scope of this contract are completely up to you. In order to manage their personal medical data in CGM LIFE, your users will, in addition, need a CGM LIFE contract with CGM. This contract manages the rights and duties associated with CGM LIFE. CGM LIFE provides components that you can integrate into your application to offer sign up for CGM LIFE to your users, right from inside your application.
The following chapters give an overview of the CGM LIFE building blocks.