Security

Last updated: pending counsel review.

Encryption

All connections to the platform are encrypted with TLS 1.2+ and protected by HTTP Strict Transport Security. All data at rest is encrypted by our cloud database provider. Sensitive identifiers (e.g., insurance member numbers) are additionally encrypted at the column level.

Access controls

Access to patient information is enforced by role-based access control and row-level security in the database. All staff accounts with administrative, billing, or dispatch privileges are required to enroll multi-factor authentication. Sessions idle out automatically.

Auditing

Every change to clinical or financial data is recorded in an append-only audit log. Read access to patient records is also logged separately for HIPAA accounting-of-disclosures support.

Vendor program

We engage subprocessors only under signed Business Associate Agreements. Our active vendor list and BAA status is maintained internally and is available to facilities on request.

Vulnerability reporting

Please report security concerns to security@morgan-transport.com. We respond within one business day.

Status: placeholder text generated by Phase 10.1. Replace with counsel-reviewed copy before launch.