Security & compliance
12 layers between an attacker and your patient's record
Defence-in-depth means every single layer has to fail before harm happens. Here's what we run.
The 12 layers
Network
TLS 1.3 · TURN over TLS · IP allowlist for admin · WAF.
Prevents: Eavesdropping · MITM · admin endpoint discovery
Authentication
OAuth + email-password · 2FA mandatory clinical and admin · biometric optional · session rotation.
Prevents: Credential theft · session hijacking
Database authorisation
Row-level security per tenant_id and role.
Prevents: Cross-tenant data leak via SQL injection or app bug
API authorisation
Policy layer on every endpoint · scope checks.
Prevents: Privilege escalation via API misuse
UI authorisation
Role-gated rendering · feature-flag visibility.
Prevents: Accidental exposure of features outside permission scope
Encryption at rest
Encrypted volumes · separate keys for biometric and KYC vaults · KMS-managed.
Prevents: Disk theft · backup leak
File scanning
ClamAV on every upload · quarantine on suspicion.
Prevents: Malware delivery via documents
Integrity chain
SHA-256 envelope hashes all PHI events · tamper-evident.
Prevents: Silent data tampering
Watermarking
Dynamic per-viewer watermark on every PHI render · screenshot attribution.
Prevents: Untraceable leaked screenshots
Audit log
9 append-only tables · immutable at the DB role level.
Prevents: Internal misuse going undetected
Anomaly detection
ML on access patterns · flags unusual contact-view bursts · off-hour PHI access.
Prevents: Insider threats · compromised accounts
Break-glass
Super admin PHI access requires reason + two-person approval + separate audit log · time-bounded.
Prevents: Super admin abuse
Regulatory compliance
ABDM / ABHA
Ayushman Bharat health-stack integrated. FHIR exchange.
IMC telemedicine
Indian Medical Council guidelines enforced — license verification, scheduled-drug gating, cross-border patient rules.
HIPAA-aligned
Audit log, role-based access, encryption at rest + in transit. BAAs available.
DPDP (India)
Consent capture, deletion requests, data-fiduciary obligations.
GDPR (EU)
Export / delete / restrict workflows for European patients.
NABH / JCI
Hospital accreditation tracker for compliance teams.
Have a security question?
Email [email protected] — we run a coordinated-disclosure program and respond within 48 hours.