Is the NewHealth application secure?
The NewHealth platform has been developed for people who want to work on their mental health themselves or with guidance, and specifically also for organisations active in professional medical services. They can expect a high level of security for their data. Below is a summary of the measures NewHealth has taken to meet these requirements.
Hosting & data storage
Both the NewHealth platform and the associated data are hosted by Microsoft Azure. The databases in Azure can only be accessed via whitelisted IP addresses. Only our lead developers and the test/release manager have access via these IP addresses. In addition, two-step authentication is required when logging in. All customer data is processed and stored within the European Economic Area (EEA). The locations of the Microsoft servers on which we store data are all in North-West Europe.
Backups
We use the standard Azure SQL backup functionalities for our databases. The PiTR (Point in Time Restore) is set to a maximum duration of 35 days, so in the event of customer queries about the data, we can look back 35 days. SQL databases are stored for a maximum of 7 days.
In addition to the databases, the application platform uses JSON files that contain the configuration of modules. These are stored in Azure Blob Storage. For production, we use read-access geo-redundant storage and a soft delete of seven days. This means we should always be able to restore a backup.
Our application code is located in Azure DevOps. We do not make backups of the application code on the web server; when necessary, we can rebuild and redeploy this code. We use Microsoft's standard backup procedure for our code in Azure DevOps.
Restoring a backup is tested twice a year.
Access security
Users access the NewHealth platform (and all applications available within it) using a web browser via a connection secured with SSL encryption.
Access for application administrators and developers always runs via NewHealth's local office network. These users must be physically present at the office or log in via a VPN connection.
Access for development and maintenance is restricted to specific, authorised persons whose system activities are logged and monitored.
All user accounts are secured with a password that must contain upper-case letters, lower-case letters, numbers and special characters. This is enforced by the system. In addition, users can make use of ‘passwordless login’ using a one-time, short-term login link that is sent to their authenticated email address.
Two-step authentication is optionally available to all users and mandatory for all NewHealth employees.
Interfaces with customer and third-party systems use SAML 2.0, OpenID or OAuth2 authentication. They use internet connections with SSL encryption or direct one-to-one connections within the data centre.
Security management
NewHealth's information security management system (ISMS) is NEN7510 certified by LRQA:
'Information security relating to: the development and management of e-health SaaS solutions and online modules, the connection to related systems such as an EPD, as well as the services provided in relation to our products, all in accordance with the NewHealth Group's Statement of Applicability, version 1.0.2, dated 22/04/2021. Hosting and network management are outsourced'.
The last audit took place in April 2025.
Security tests
The NewHealth platform is subjected to annual penetration tests, both grey-box and black-box tests. Our current testing partner is Onvio Information Security. The last penetration test took place in October 2025.
Legislation and regulations
NewHealth Collective and Stichting mirro act in accordance with the General Data Protection Regulation (GDPR). NewHealth Collective helps its healthcare clients comply with the WGBO (Medical Treatment Agreement Act), which means, among other things, that medical data must be stored for 15 years.
All NewHealth Collective and Stichting mirro employees and all temporary staff are bound to confidentiality regarding all client data by means of a confidentiality agreement.
Where applicable, a Processing Agreement has also been concluded with all subcontractors, in accordance with GDPR regulations.
Video calls
NewHealth uses Microsoft Teams for video calls. Only real-time video calls are supported; no content is stored in our systems.
Want to know more?
Do you have any additional questions? Please send an email with your questions to support@newhealth.nl. We will then contact you.