Enterprise-grade clinical pharmacy infrastructure.
When you're running clinical services across hundreds or thousands of stores β or you're a payvider trying to mobilise pharmacy as care infrastructure β your problem isn't a workflow tool. It's identity, integration, audit, and SLAs that hold up to your IT and InfoSec organisations. MedMe Enterprise is the platform that signs your security questionnaire.
You signed off on Epic. You will sign off on this.
MedMe Enterprise is built for the security, identity, integration, and reporting expectations of an enterprise health-IT organisation. SOC 2 Type II, HITRUST CSF r2, and a full security questionnaire library β pre-completed.
CIO / VP Health IT
Identity that speaks SAML 2.0 and OIDC. RBAC that maps to your AD groups. Audit logs that ship to your SIEM. The integrations your team expects β without negotiating each one.
Chief Clinical Officer
Standardised care plans, protocol versioning across thousands of stores, outcomes data shared back to your population-health stack on a schedule you set.
VP Pharmacy / Network Strategy
The platform underpinning your network. Per-store, per-region, per-banner roll-ups; performance pacts with payvider partners; clinical-service ROI you can put in a board deck.
SSO, RBAC, audit logs β done the way enterprise IT actually does them.
No "SSO add-on" SKU. No "audit log export tier". No "premium support package" to get answers to questions your team is allowed to ask. Enterprise gets the full stack.
- SAML 2.0 + OIDC (Okta, Azure AD, Ping, Duo, Auth0, Google Workspace)
- SCIM 2.0 user + group provisioning, automatic deprovisioning
- RBAC mapped to your AD groups β pharmacist, tech, billing, district manager, regional director, CIO
- Audit logs streamed to your SIEM (Splunk, Sumo, Datadog, S3) β JSON or CEF
- Configurable session policies β IP allowlist, MFA enforcement, session timeout
- Break-glass workflow with after-the-fact attestation
Epic, Cerner, RPA bridges, claim exports β wired into your existing stack.
Your enterprise architecture didn't get built last year, and we don't pretend ours is the centre of it. MedMe Enterprise integrates outward β into the EHRs your physicians use, the data warehouse your analytics team trusts, and the dispensing systems that already exist.
Epic β App Orchard / Showroom
FHIR R4 read of patient demographics, conditions, medications, allergies, encounters. Write-back of pharmacist-authored care notes via DocumentReference. Open Orders integration for care plan signoff.
Cerner / Oracle Health
HL7 v2 ADT + ORM + ORU feeds. FHIR R4 where Millennium supports it. Bidirectional integration scoped during implementation.
RPA bridges
For dispensing systems without a real API, MedMe ships supported RPA workers that read patient context out of PioneerRx, Liberty, BestRx, Computer-Rx, RxSafe. Latency 30-90s, with full audit trail.
Claims clearinghouse
837P submission via Availity, Change Healthcare, Waystar β your choice, or use ours. 835 remit ingest, 277CA acknowledgements, automatic denial routing into your denial-management workflow.
Data warehouse export
Snowflake / Redshift / BigQuery sync of de-identified or fully identified clinical event log on a schedule you set (5min, hourly, daily). FHIR R4 schema, SCD2 history, lineage included.
Payvider partner data feeds
Roster sync, gap-in-care lists, attribution lists, quality-measure event reporting (HEDIS, Stars, MIPS pharmacist-reported). Configurable per partner contract.
Pharmacy as care infrastructure for your payvider partners.
If your enterprise is in a value-based contract β direct contracting, ACO REACH, MA shared-risk, employer payvider β pharmacy is the most under-utilised access point in your network. MedMe Enterprise provides the data layer that lets your pharmacists count toward attribution, quality, and shared-savings calculations.
- HEDIS gap-in-care list ingest, daily refresh
- MIPS / Stars measure event reporting from clinical encounter
- Pharmacist-led visit attestation suitable for ACO/REACH reporting
- De-identified clinical outcome data for actuarial use
- Bi-directional roster sync β your member list, attribution updates
- Configurable PHI handling per partner BAA
A team that has stood up enterprise pharmacy before. Multiple times.
Enterprise rollouts are 9 to 18 months. We don't pretend otherwise. Your engagement gets a named program manager, a dedicated solutions architect, and clinical SMEs who have run pharmacy clinical service lines at scale β not generalist consultants.
Your InfoSec questionnaire β pre-completed.
MedMe maintains an active SOC 2 Type II report, HITRUST CSF r2 certification, and a security questionnaire library covering HECVAT, CAIQ, and the most common health-system templates. Your InfoSec team will recognise the answers.
| Commitment | Standard | Enterprise SLA | Enterprise+ SLA |
|---|---|---|---|
| Uptime | 99.9% | 99.95% | 99.99% |
| Sev-1 response | 1 hr | 30 min | 15 min |
| Sev-1 resolution | 4 hrs | 2 hrs | 1 hr |
| RTO (disaster recovery) | 8 hrs | 4 hrs | 1 hr |
| RPO (data loss tolerance) | 1 hr | 15 min | 5 min |
| SOC 2 Type II | β | β | β |
| HITRUST CSF r2 | β | β | β |
| Single-tenant deployment option | β | β | β |
| Customer-managed encryption keys (BYOK) | β | β | β |
| Dedicated security review | β | Annual | Quarterly |
| Penetration test report (under NDA) | β | β | β |
Enterprise IT questions, answered.
What is your SOC 2 Type II + HITRUST status?
Active SOC 2 Type II, audited annually by Schellman. HITRUST CSF r2 certified, due for re-certification Q4 2026. Latest reports are available under MNDA β your CISO can request them through your sales contact and we'll have them in their inbox the same business day.
Do you support a single-tenant or VPC deployment?
Enterprise+ supports single-tenant deployment in AWS GovCloud or a customer-dedicated VPC in commercial AWS. Multi-tenant SaaS is the default β most enterprise customers run on it. Single-tenant is available where contractual or regulatory requirements demand it.
How does MedMe handle PHI? Where is data stored?
All PHI is stored in AWS US East and US West regions, encrypted at rest with AES-256, encrypted in transit with TLS 1.3. Database-level encryption with rotating keys. Field-level encryption for the most sensitive elements (SSN, full DOB, payment data). Customer-managed keys are available on Enterprise+. Full data residency commitment β no PHI ever leaves the US, no PHI is used to train any AI model.
Do your AI models train on our data?
No. Our AI Scribe and clinical-coding suggestions use third-party LLM providers (currently Anthropic and OpenAI) under zero-retention BAA terms. No customer data is used to train any model β ours, or our providers'. Models are deployed in HIPAA-eligible enclaves with logging that you can audit.
Can we self-host MedMe behind our firewall?
No. MedMe is a SaaS platform and we do not offer a fully on-premises deployment. Enterprise+ does support a single-tenant VPC peered to your environment with your CIDR-allowed integrations, dedicated KMS keys, and customer-controlled audit log destination β which addresses most of the underlying concerns that lead to a "self-host" ask.
How long does enterprise implementation take?
9 to 18 months end-to-end for a multi-thousand store deployment with custom EHR integration. Faster if you don't need the EHR write-back. Faster still for a wave-based rollout where Wave 1 is a 50-store pilot. Your dedicated program manager will spec a wave plan in the first month based on your store count, EHR posture, and clinical service portfolio.
Can we put MedMe in our security review?
Yes β and we encourage it. We maintain pre-completed HECVAT, CAIQ, and SIG Lite responses. We sign BAAs without negotiation. We support pen-test reports under NDA. We support a customer-funded security audit on Enterprise+. The fastest enterprise security review on record was 11 days end-to-end with a national health system; the slowest was 7 months. The variance is on your team's calendar, not ours.
Pharmacy as care infrastructure. Built for your network.
Talk to our enterprise team. First call is a 60-minute working session with our CISO and your CISO designate, plus our solutions architect, plus your network strategy lead. No demo unless you ask.