How NucleusHealth Uses Advanced Data Security Technologies To Enhance Clinical Collaboration And Patient Outcomes

NucleusHealth is advancing patient care through innovation in cloud-based medical image management, allowing global access to medical images by physicians, patients, and health systems, as well as healthcare companies requiring images for their products and services. Vormetric Transparent Encryption data security technologies from Thales provide an enterprise-grade solution to support NucleusHealth.

NucleusHealth deploys a scalable cloud platform for medical images that is web-based. At the core of the platform is patented streaming technology, providing diagnostic workstation performance in a browser on any web-enabled device. The technology significantly improves clinical collaboration through fast access to images, reduces IT overhead, is optimized for machine learning and provides flexibility and customization through numerous RESTful APIs.

The company’s state-of-the-art technologies overcome traditional obstacles and distribute diagnostic quality images at unprecedented speeds. The ability to deliver faster, accurate patient care means enhanced patient outcomes at a lower cost: a compelling achievement.

Business Challenge

NucleusHealth relies on the speed, agility, and scalability of its cloud-based automated infrastructure to manage the onslaught of data from a diverse array of global medical imaging environments. When the company sought an encryption solution, there was a mission-critical objective to identify a fully automated, enterprise-grade solution that could accommodate the enormous amounts of information.

Grant Cermak, chief information and security officer at NucleusHealth, recalled, “Securely managing huge volumes of patient data is a business imperative for NucleusHealth, and to achieve this goal the entire process has to be scalable and automated. On top of this, everything we do must be capable of being remotely deployed and managed.”

Technical Challenge

To establish the company’s compliance with HIPAA for the storage of PHI, NucleusHealth needed to identify an industrial-grade encryption solution capable of keeping costs under control and validated for FIPS 140-2 Level 2 and 3.

Cermak elaborated, “HIPAA compliance is a great starting point but we strive to go further. We offer customers the choice of a multi-tenant environment or complete data segregation, and in each case, we have to ensure that only authorized personnel can access patient data.” To accomplish this, it was determined that enterprise-grade key management and role-based access controls (RBAC) would be required to protect information, even from an insider threat with root-level access.


NucleusHealth makes extensive use of MongoDB, a big data repository deployed by many of the world’s best-known companies. Because of the existing relationship and familiarity with MongoDB, Cermak and his team decided to evaluate two different encryption approaches: MongoDB’s own professional database version that includes built-in encryption, versus Vormetric Transparent Encryption from Thales, which offers highly scalable encryption and key management using the Vormetric Data Security Manager (DSM) from Thales. Each solution went through a double proof-of-concept (POC) evaluation: one testing range and facility on a full dataset within MongoDB, and a second gauging the ability to provide support automation.

The first POC had a set of essential success criteria: transparent encryption of data, fast encryption/decryption, audit traceability, and support for cloud-based platforms – such as Microsoft Azure – to ensure the safety of data in the cloud. This POC also examined key management protocols, which entailed a detailed review of key storage security and access procedures, with particular attention to physical separation of key vaults as required for governmental compliance regulations. Tests were included to determine the degree of protection from unauthorized root access. Price performance also factored in as a strong consideration.

The second POC assessed each encryption solution’s automation capabilities, specifically the level to which deployment, reporting, policy-setting, and regulatory compliance auditing could be automated in support of NucleusHealth’s sophisticated deployment strategy.


“Vormetric Transparent Encryption was the fit we were looking for and we quickly embarked on a full rollout,” remarked Cermak. “The Thales solution met all of our evaluation criteria at a price that was affordable, and offers the automated reporting, policy setting and auditing that was vital to our strategy. Because we leveraged Vormetric Transparent Encryption, we were able to utilize the much cheaper, free, open source release of MongoDB.”

Thales provides a complete separation of administrative roles. With role-based access control, only authorized users and processes can view patient data, affording a fundamental level of security that ensures the privacy of sensitive patient data. Vormetric Transparent Encryption provides granular oversight of user access patterns – who accessed which files, with which processes, and at what time – so that any departure from policy can easily be traced. “Thales takes us to the next level,” stated Cermak. “Even someone with root access to a server machine can’t view unauthorized data or adjust policies.”

Thales supports scalability to the petabyte level required in medical imaging environments. Without this scale-out capability, NucleusHealth could not adequately support the continuously growing volume of data being assimilated.


In an industry where patient data integrity is paramount and regulated, NucleusHealth ensures that customer data is fully protected from any breach, inside or out. Cermak concluded, “With Thales solutions deployed no one has the opportunity to do the wrong thing. It’s not just encryption that’s enabled, it’s security policy.”

Encryption and Protection with Thales

Business Need

  • Protect patient data from zero day exploits, internal and external intrusions, and unauthorized access
  • Provide support for client multi-tenancy and data segregation requirements in public cloud environments

Technology Need

  • An automated encryption solution with secure key management to meet HIPAA compliance and the company’s strict access control requirements
  • Provide scalability to support cloud-based platforms and protect petabytes of data without impacting Service Level Agreements (SLA)


  • Vormetric Transparent Encryption from Thales


  • Implemented cost-effective encryption solution with enterprise-grade key management that scales to keep petabytes of patient data secure from unauthorized access
  • Enabled a sophisticated cloud-based dev-ops environment with automated reporting, policy-setting, and audit traceability

About Thales eSecurity

Thales eSecurity is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and, with the internet of things (IoT), even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property, and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged-user control and high-assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.