Security and Data Ownership
Privacy and Security are first-class concerns of any modern clinical information system. VLink addresses these in several ways:

No Central Data Repository
Medical Data on the VLink network is stored only within the internal network of one of the participants. All of the network security measures of that organization are used to protect and control access to its data. This also means that the data is clearly owned by that institution.

Fine-grained Trust Relationships
Each organization in the network establishes a formal trust relationship with other VLink participants for a restricted set of data. For example, data on a certain patient may only be sent to a trusted doctor who also treated the patient. This way, even if a doctor’s computer system is compromised, there is no way for the intruder to fetch hispital data for unrelated patients.

Digital Signature Certificates
Although it is possible to be certain that only the recipient of a message can decrypt it, it is not possible to be certain the recipient is the person they claim to be. Certificate Authorities (CA) solve this problem by creating a unique certificate for independently verified individuals. All participants in the VLink network are assigned a digital certificate only after they have completed the VLink validation and verification process.

Encrypted Communication
All communication outside an organization’s private network is encrypted using industry-standard encryption techniques. Both the client and the server are mutually authenticated using a public key infrastructure (PKI) to ensure that authenticity of each party.