
🛡️ ENTERPRISE-GRADE SECURITY

The Most Secure Open-Source LIS in the World

Protecting patient data is not just a feature — it’s fundamental to everything we build.

OWASP Compliant
Role-Based Access Control
End-to-End Encryption
Privacy Law Compliance

Our Commitment to Patient Data Protection

OpenELIS Global is the most secure open-source laboratory information system available. Built from the ground up with security as a core principle, we adhere to the highest security standards in the industry and are fully committed to the safety and privacy of patient data. We don’t just meet security requirements — we set the standard for what open-source healthcare software security should be.

🏆 What Sets Us Apart

Why We Lead in Open-Source LIS Security

No other open-source laboratory information system combines this level of security architecture, active maintenance, and implementation support.

Security-First Architecture

Unlike legacy systems with security bolted on later, OpenELIS Global was architected with OWASP Top 10 compliance and defense-in-depth from day one.

Actively Maintained

With 68+ contributors and regular releases, vulnerabilities are patched rapidly. We don’t ship with outdated dependencies or end-of-life software.

University-Backed Stewardship

Stewarded by DIGI at the University of Washington — not a for-profit company. Our commitment is to public health, not shareholder returns.

Granular Access Control

Our RBAC implementation is among the most sophisticated in any open-source LIS — control access down to individual lab units, test sections, and functions.

Real-World Proven

Deployed in national reference laboratories and healthcare networks across multiple countries. Battle-tested with real patient data at scale.

Implementation Support

DIGI provides security training, configuration reviews, and deployment guidance. You’re not on your own to get security right.

Security Features

Built-In Security at Every Layer

Comprehensive security measures protect your data from unauthorized access, disclosure, and modification.

Role-Based Access Control (RBAC)

Fine-grained permissions ensure that users can only access the data and functions they need. Private medical information is protected from unauthorized users at every level.


Granular permission levels

Lab unit-based access restrictions

Audit trails for all access

Secure Communications

All data in transit is protected with industry-standard encryption protocols. We use modern TLS/HTTPS for all communications and encrypt sensitive data at rest.


TLS 1.2+ encryption

HTTPS enforced for all connections

Encrypted database connections

Strong Authentication

Robust authentication mechanisms ensure that only authorized users can access the system. The system supports modern identity providers and enforces secure password policies.


Secure session management

Password complexity requirements

Account lockout protection

Input Validation & Sanitization

All user inputs are rigorously validated and sanitized to prevent injection attacks and ensure data integrity across the application.


SQL injection prevention

XSS attack protection

CSRF token protection

Comprehensive Audit Logging

Complete audit trails track all system activities, providing accountability and enabling forensic analysis when needed.


User action tracking

Data modification history

Login attempt monitoring

Secure Development Practices

Security is built into our development lifecycle with code reviews, automated testing, and adherence to secure coding standards.


Security-focused code reviews

Automated security testing

Dependency vulnerability scanning

Industry Standards

OWASP Best Practices

OpenELIS Global follows the Open Web Application Security Project (OWASP) guidelines — the industry gold standard for web application security. Our development team actively addresses the OWASP Top 10 security risks.

We protect against:

Injection Attacks
Broken Authentication
Sensitive Data Exposure
XML External Entities
Broken Access Control
Security Misconfigurations
Cross-Site Scripting (XSS)
Insecure Deserialization


Modern, Supported Software

We never use end-of-life or unsupported software versions. All dependencies are regularly updated to include the latest security patches.

Java: 21 LTS ✓
PostgreSQL: 14+ ✓
Spring Framework: Current ✓
Ubuntu: 22.04 LTS ✓

Global Compliance

Privacy Law Compliance

OpenELIS Global is designed to conform to privacy laws and regulations of the countries where it is deployed.

GDPR (European Union)

Health Data Laws (various jurisdictions)

National Regulations (country-specific)

Lab Standards (ISO / SLIPTA)

Flexible by Design: OpenELIS Global’s architecture allows implementers to configure the system to meet specific local, regional, and national privacy requirements. Our team works with implementers to ensure compliance with applicable regulations.

DIGI at University of Washington

Security Advisory Services

DIGI works directly with implementers to provide guidance on securing OpenELIS deployments, including network architecture, server hardening, and operational security best practices.

Implementation Support

We Help You Deploy Securely

DIGI at the University of Washington provides expert guidance to help implementers secure their OpenELIS deployments according to best practices and local requirements.

Infrastructure Guidance

Recommendations for secure server configuration, network architecture, and hosting environments.

Security Training

Training for IT staff on maintaining security, recognizing threats, and incident response procedures.

Security Reviews

Assessment of deployment configurations to identify and address potential vulnerabilities.

Continuous Security

Security is not a one-time effort — it’s an ongoing commitment.

Regular Updates

Security patches released promptly to address vulnerabilities

Vulnerability Scanning

Automated scanning to detect security weaknesses

Dependency Monitoring

Third-party libraries monitored for known vulnerabilities

Incident Response

Established procedures for responding to security incidents

🏆 SECURITY LEADER

See Why We Lead in Security

We’re happy to discuss our security practices and demonstrate why OpenELIS Global is the most secure choice for your laboratory.

OpenELIS Global is stewarded by DIGI at the University of Washington