Identity Vault
Identity Vault is nexmin's identity layer that separates "who the person is" (Identity, globally unique) from "what role they play in my practice" (Patient, contextual to one organisation). That separation makes it possible to honour the GDPR right to be forgotten without destroying anonymised clinical aggregates, and supports the same person moving between practices without losing continuity of identity.
In most clinical software, "patient" is a single object that mixes personal identity (name, phone, email) with clinical content (notes, diagnoses, evolution). When a patient asks to exercise their right to be forgotten, the software wipes everything in one block — including data that, anonymised, could have served longitudinal analysis or research. Identity Vault decouples the two. The Identity is the person in the world (an email, a phone, a name); the Patient is the clinical role that person plays inside a specific practice. When someone asks to be forgotten, the Identity is deleted and the chained encryption renders the relationships unreadable, but anonymised aggregate data can still be useful if the clinician needs them. The other side of Identity Vault is portability: the same person can appear as a Patient across two different practices (through voluntary migration or referral between professionals) without those practices having cross access to each other's data. Each Patient is scoped by organisation; the Identity is the only thing shared, and only at the level of "this person exists".
Inside nexmin
Identity Vault is the central piece that lets nexmin support strict multi-tenant isolation, GDPR compliance without loss of analytical value, and natural patient migration between professionals.
Related terms
Last updated: 2026-06-11