HIPAA
How we keep your record safe
HIPAA-paranoid by design. Defense in depth. BAAs with every vendor that touches PHI.
Row-level security on every table
Patient A cannot read Patient B's data. Period. Verified by automated fuzz tests on every deploy.
Audit log on every PHI access
Every read, every write, every export. Seven-year retention. Searchable by admins.
PHI scrubber on every log
Error monitoring, product analytics, and server logs are all sanitized before any error data leaves our infrastructure.
Break-glass with mandatory justification
When a provider needs to access a patient outside their assigned panel, the reason is required and reviewed.