Security
MedSync Bridge Security
Everything the big hospitals have. Nothing they make you pay extra for.
We run on DrFirst’s Rcopia platform — the same system trusted by over 420,000 prescribers and the largest hospital networks in the country. You get the exact same security, compliance, and audit trail — without managing any of it yourself.
Swipe Left
| Security Feature | What It Means for Your Practice |
|---|---|
| HIPAA Business Associate Agreement | Signed with DrFirst and MedSync Bridge – you’re fully covered |
| AES-256 encryption at rest, TLS 1.3 in transit | Every prescription and patient record is locked end-to-end |
| Experian Identity Proofing for EPCS | DEA-required identity verification – we walk every provider through it at no extra charge |
| Hard or soft token + passphrase | True two-factor authentication for all controlled substances (Schedule II–V) |
| Keycloak OAuth2 + SSO | Secure single sign-on with your existing credentials – no extra passwords |
| AWS HIPAA-eligible infrastructure | Elastic Beanstalk, RDS PostgreSQL, S3 – all in audited, US-based regions |
| Docker & Kubernetes isolation | Each client runs in its own encrypted container |
| Full audit logs | Every click, every script, every login is tracked and exportable for DEA or state audits |
| VCPR enforcement engine | Veterinary controlled-substance rules automatically applied – no risk of non-compliance |
| Private labeling | No third-party branding ever appears to staff or clients |
You never touch servers, tokens, or certificates.
We handle everything: token ordering, Experian invites, passphrase setup, penetration testing, and annual audits.
Your only job is to prescribe
RESULT
Zero data breaches in the DrFirst ecosystem since 2000
100% EPCS compliance pass rate for MedSync Bridge clients
Full DEA, state board, and insurance audit readiness on day one