Security

The model of the MEMdoc and MEMdoc-Module system is designed around the principle of data separation.

The MEMdoc central server, housed at the MEMcenter in Bern, hosts the main application and the central database containing all study definitions and clinical study data. Satellite MEMdoc-Module servers are located throughout the world to store all personal data about users, institutions and patients. At the core of the system is an innovative and patent-pending architecture in which the web browser of the client is used as a hub to seamlessly segregate and integrate the data between the MEMdoc-Module and the MEMdoc central server. This design provides tightly integrated communication between the servers while increasing the security and privacy of both systems. This has been accomplished using a lightweight JSON server and the incorporation of SSL encryption on each module. Flexible data sharing options have been designed to restrict or expand data access to suit individual needs. Finally, data consistency is controlled through systematic validation of received data and a rollback in case of errors.

Each module server contains a local MySQL database, an Apache web server and the custom MEMdoc-Module application. This server can sit within the same clinic as the user or in some remote location depending on the needs of the group hosting the module. The physical and network security of this server is left up to the hosting entity. Some groups choose to restrict access to the module to users within the local subnet while others allow open access from anywhere. The module database contains all user and clinic information as well as the basic demographic data of patients. No medical data is stored on the module server.

All users from every MEMdoc-Module make their initial connection to the MEMdoc central server that houses the core MEMdoc application as well as all clinical study definitions. The MEMdoc application then recognizes the URL of the connection to determine which MEMdoc-Module to utilize and delivers the appropriate custom module application to the user’s web browser. Each time a user requests data, the application contacts both the local MEMdoc-Module and the MEMdoc central database (Oracle) to seamlessly integrate the data from each for display. Newly entered data is likewise split so that only internal numeric identifiers for the user, patient, clinic, department and module are stored on the MEMdoc central database. All medical data is retrieved from and stored directly to the MEMdoc central server and linked to the module by these internal identifiers. Medical data never passes through the MEMdoc-Module server and is never stored on the MEMdoc-Module server. The birth year and gender of each patient are the only pieces of personal information stored on the MEMdoc central database for performing pooled statistics.
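The split and client-side join described above, as an added JavaScript example that is not MEMdoc's own code. In-memory Maps stand in for the two servers, every field and function name is hypothetical, and undoing the module write when the central write fails is one assumed form of the rollback mentioned earlier.

```javascript
// Added illustration: in-memory Maps stand in for the two servers.
// All field names below are hypothetical, not MEMdoc's real schema.
const ID_FIELDS = ["userId", "patientId", "clinicId", "departmentId", "moduleId"];
const CENTRAL_ALLOWED = new Set([...ID_FIELDS, "birthYear", "gender", "medical"]);

// Split one form submission into the part each server may store.
function splitRecord(form) {
  const ids = Object.fromEntries(ID_FIELDS.map((k) => [k, form[k]]));
  for (const [k, v] of Object.entries(ids)) {
    if (!Number.isInteger(v)) throw new Error(`invalid identifier: ${k}`);
  }
  const birthYear = new Date(form.birthDate).getUTCFullYear();
  if (!Number.isInteger(birthYear)) throw new Error("invalid birthDate");
  return {
    // Module server: personal data only, never the medical payload.
    modulePart: { patientId: ids.patientId, name: form.name, birthDate: form.birthDate },
    // Central server: identifiers, birth year, gender and medical data only.
    centralPart: { ...ids, birthYear, gender: form.gender, medical: form.medical },
  };
}

// Refuse any central payload that carries a field outside the allow-list.
function checkCentralPayload(part) {
  const extra = Object.keys(part).filter((k) => !CENTRAL_ALLOWED.has(k));
  if (extra.length) throw new Error(`personal field sent to central: ${extra}`);
}

// Write both halves; undo the module write if the central write fails.
function saveRecord(form, moduleDb, centralDb) {
  const { modulePart, centralPart } = splitRecord(form);
  checkCentralPayload(centralPart);
  const previous = moduleDb.get(modulePart.patientId);
  moduleDb.set(modulePart.patientId, modulePart);
  try {
    centralDb.set(centralPart.patientId, centralPart);
  } catch (err) {
    if (previous === undefined) moduleDb.delete(modulePart.patientId);
    else moduleDb.set(modulePart.patientId, previous);
    throw err;
  }
}

// Join the two halves in the client for display, keyed by the internal id.
function loadRecord(patientId, moduleDb, centralDb) {
  const personal = moduleDb.get(patientId);
  const clinical = centralDb.get(patientId);
  if (!personal || !clinical) throw new Error("record incomplete");
  return { ...clinical, ...personal };
}
```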

 

The physical and network security of all the MEMdoc servers is maintained by IEFM (Institute for Evaluative Research in Medicine) at the MEM Research Center. This includes the MEMdoc central (web) server and the MEMdoc database server. All servers are physically housed at the MEMcenter in Bern in a dedicated, locked, climate-controlled and monitored server room. The network is protected by a Sonicwall Pro 2040 firewall with real-time gateway anti-virus, anti-spyware, anti-spam and intrusion prevention. The firewall only allows access to the servers via ports 80, 443, 8080 and 22 (SSH). Web security is controlled by a DigiCert-certified SSL web server certificate with 256-bit encryption. Each server is continuously monitored to log all connections and to detect any suspicious activity. Additionally, any modules that are hosted within IEFM fall within the same security parameters.

 
