Digital health compliance, made simple: Needius Case Study

Needius relies on to secure its Blu(e) platform and users' data

Needius is an Italian company founded in 2013 that develops services for children with communication difficulties. In 2015 Needius started developing Blu(e), a platform that offers a remote management system for physicians, a mobile application for patients, and a monitoring system with dashboards used by physicians and caregivers (family) to exchange information.

The Blu(e) suite relies on a backend that processes gameplay data in order to provide caregivers and family with the information, dashboards and statistics describing the progress of the children's diseases.

The Blu(e) backend stores patient information, manages users' access to data, and manages the interaction between physicians and the child's family.

Because data about children with specific diseases is highly sensitive, data protection requirements were fundamental to a proper service design. Storage of patient information, user management, and physician and family interactions are some of the key challenges the team faced in order to:

  • document and demonstrate compliance with data protection laws. The result of this activity includes a privacy policy, the terms and conditions of the Blu(e) service and the technical safeguards of the platform;

  • notify the Data Protection Authority of the data processing activity, describing the service, its purpose and its safeguards;

  • reduce the risks for the company and mitigate the legal responsibility of its CEO;

  • demonstrate trust to end-users (family), physicians and caregivers.


To achieve compliance with EU and Italian data protection laws, Needius relied on the service. Although the Blu(e) backend and algorithms were already developed, the Needius team integrated to store sensitive data, such as patient-identifiable information and information about physician and family interactions, like reports and other sensitive records.

In addition, to ensure proper access to data, audit logs and management of stored information, the Needius team used the API for user management. The API calls are implemented in the Blu(e) backend, which forwards authentication and the other API calls to the API. In this way the Needius team did not have to modify its own API or its interaction with the mobile and web applications.

The resulting backend configuration and data flow easily achieved a sufficient level of separation between identifiable personal data and sensitive data, implementing in this way a pseudonymization approach and reducing the overall risks. The final configuration was approved by lawyers, giving Needius the possibility to deliver its service in Italy and in the whole EU.
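The separation described above, as an added illustration that is not Needius' code or the integrated service's API: identifying patient data lives in an access-controlled, audited store that hands back a random pseudonym, while the application's own gameplay store is keyed by that pseudonym only, so a progress report can be computed without any direct identifier present. The `IdentityVault` class, the `DIRECT_IDENTIFIERS` list, the user ids and the patient record are all constructed stand-ins.

```python
"""Added example: pseudonymizing patient data by separating identity from gameplay data.

IdentityVault is a constructed, in-memory stand-in for an external identity store;
it is not the API of any real service. All names and records below are made up.
"""
import secrets
from datetime import datetime, timezone

# Fields that must never be written to the application's gameplay/analytics store.
DIRECT_IDENTIFIERS = {"name", "date_of_birth", "fiscal_code", "email"}


class IdentityVault:
    """Keeps the pseudonym -> identity mapping plus an audit log of every lookup."""

    def __init__(self):
        self._identities = {}  # pseudonym -> identifying record
        self._grants = {}      # pseudonym -> set of user ids allowed to re-identify
        self.audit_log = []

    def register(self, identity, authorised_users):
        """Store the identifying data and return a random, unlinkable pseudonym."""
        pseudonym = "p_" + secrets.token_hex(16)
        self._identities[pseudonym] = dict(identity)
        self._grants[pseudonym] = set(authorised_users)
        return pseudonym

    def reidentify(self, pseudonym, user_id):
        """Return the identity behind a pseudonym, logging every attempt, allowed or not."""
        allowed = user_id in self._grants.get(pseudonym, set())
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user_id, "pseudonym": pseudonym, "allowed": allowed,
        })
        if not allowed:
            raise PermissionError(f"{user_id} may not re-identify {pseudonym}")
        return dict(self._identities[pseudonym])


class GameplayStore:
    """The application's own store: rows are keyed by pseudonym and carry no identifiers."""

    def __init__(self):
        self.sessions = []

    def record_session(self, pseudonym, session):
        # Refuse any row that would leak a direct identifier into this store.
        leaked = DIRECT_IDENTIFIERS & set(session)
        if leaked:
            raise ValueError(f"direct identifiers not allowed here: {sorted(leaked)}")
        self.sessions.append({"pseudonym": pseudonym, **session})

    def progress_report(self, pseudonym):
        """Aggregate statistics computed without touching identifying data."""
        scores = [s["score"] for s in self.sessions if s["pseudonym"] == pseudonym]
        return {
            "pseudonym": pseudonym,
            "sessions": len(scores),
            "avg_score": sum(scores) / len(scores) if scores else None,
        }


def demo():
    """Constructed walk-through: register, record gameplay, report, re-identify."""
    vault, store = IdentityVault(), GameplayStore()
    pseud = vault.register(
        {"name": "Example Child", "date_of_birth": "2012-05-01",
         "email": "parent@example.invalid"},          # constructed record
        authorised_users={"dr_rossi", "parent_1"},     # constructed user ids
    )
    store.record_session(pseud, {"exercise": "picture-naming", "score": 7, "duration_s": 300})
    store.record_session(pseud, {"exercise": "picture-naming", "score": 9, "duration_s": 280})
    report = store.progress_report(pseud)
    identity = vault.reidentify(pseud, "dr_rossi")   # treating physician: allowed
    try:
        vault.reidentify(pseud, "someone_else")        # unrelated user: refused and logged
        denied = False
    except PermissionError:
        denied = True
    return report, identity, denied, vault.audit_log


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The point of the split is that a breach or misuse of the gameplay store exposes only pseudonyms and scores, and every path back to a name goes through one audited, permission-checked function.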

“By integrating the API in our apps we solved all compliance and security issues easily.
As a result, we were able to deliver our service to the whole Italian and EU market.”

Nicola Filippi - CEO of Needius


  • Ensuring compliance with data protection laws is necessary to fulfil legal obligations and important for building trust with end-users.

  • Compliance is a complex problem, but there exist services like that help make it easy.

  • The best way to approach the problem (at least for existing applications) is pseudonymization, which allows developers to reduce risks and development effort while still ensuring compliance with data protection law and a good level of security.

  • service makes it extremely easy to implement pseudonymization and achieve compliance.
