Built so audits don't surprise anyone.
Every PHI field is encrypted at rest. Every reveal is gated. Every disclosure is logged. Our facility partners get a copy of the operator runbook so they can verify it themselves — we don't ask anyone to take security on faith.
The bar is HIPAA — but the work is for people.
HIPAA gives us a floor. We aim higher because every PHI field describes a real person navigating a hard day. Here's the technical surface.
Encrypted at rest
PHI fields encrypted at the column level via Supabase Vault. Plaintext only at point-of-use, in memory, never on disk.
Step-up reauth on reveal
Decrypting a member ID, DOB, or insurance authorization requires a fresh password OR email-code verification. Scoped to one record at a time.
Disclosure accounting
Every PHI read writes to phi_access_log. §164.528 reports come out of the same query — investigators don't need a spreadsheet wrangler.
Audit trail
Every mutation lands in audit_log with the actor and the before/after state. Timestamps, IPs, and request IDs are preserved for cross-log correlation.
Idle timeout
Staff sessions hard-expire after the configured idle window (default 15 min). Tracker links revoke instantly via version bump.
Strict CSP + MFA
Content-Security-Policy nonced per-request. High-privilege roles require MFA enrolment before access. Step-up cookies are scope-bound.
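As an added illustration (not the product's code) of the three session controls listed above, the model below combines the idle timeout, a step-up grant that covers exactly one record, and tracker links that a version bump revokes at once. Only the 15-minute idle default comes from the page; the five-minute grant lifetime, the token layout and the secret are assumptions made for the example.

```python
# Added example (not the product's code): a minimal model of idle timeout,
# record-scoped step-up reauth, and tracker-link revocation by version bump.
# Assumptions: STEP_UP_TTL_S, the token layout and the secret are
# illustrative; only the 15-minute idle default comes from the page.
import hashlib
import hmac
from dataclasses import dataclass, field

IDLE_WINDOW_S = 15 * 60   # default idle window from the page
STEP_UP_TTL_S = 5 * 60    # assumed lifetime of a step-up grant (not stated on the page)


class IdleTimeout(Exception):
    """Session exceeded the idle window and is hard-expired."""


class StepUpRequired(Exception):
    """No fresh password / email-code verification covers this record."""


@dataclass
class Session:
    user_id: str
    last_activity: float
    expired: bool = False
    # record_id -> expiry timestamp; a grant covers exactly one record
    step_ups: dict = field(default_factory=dict)


def touch(session: Session, now: float) -> None:
    """Hard-expire on idle overrun; otherwise refresh the activity timestamp."""
    if session.expired or now - session.last_activity > IDLE_WINDOW_S:
        session.expired = True
        session.step_ups.clear()          # grants never outlive the session
        raise IdleTimeout(session.user_id)
    session.last_activity = now


def grant_step_up(session: Session, record_id: str, verified: bool, now: float) -> None:
    """Record a step-up grant for one record after a fresh credential check.

    `verified` is the outcome of the password or email-code verification,
    which this model does not implement.
    """
    touch(session, now)
    if not verified:
        raise StepUpRequired(record_id)
    session.step_ups[record_id] = now + STEP_UP_TTL_S


def reveal(session: Session, record_id: str, now: float, decrypt) -> str:
    """Return plaintext for one record only if a live, matching grant exists."""
    touch(session, now)
    expiry = session.step_ups.get(record_id)
    if expiry is None or now > expiry:
        session.step_ups.pop(record_id, None)   # stale grant is dropped, not reused
        raise StepUpRequired(record_id)
    return decrypt(record_id)   # plaintext exists only in memory, at point of use


def mint_tracker_link(secret: bytes, tracker_id: str, version: int) -> str:
    """Sign a tracker-link token that embeds the tracker's current version."""
    payload = f"{tracker_id}:{version}"
    sig = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{sig}"


def verify_tracker_link(secret: bytes, token: str, current_version: int) -> bool:
    """Valid only if the signature holds and the embedded version is current.

    Bumping the stored version revokes every previously minted link at once,
    without keeping a blocklist of old tokens.
    """
    try:
        tracker_id, version, sig = token.rsplit(":", 2)
    except ValueError:
        return False
    expected = hmac.new(secret, f"{tracker_id}:{version}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(sig, expected) and version == str(current_version)


if __name__ == "__main__":
    s = Session(user_id="staff-alice", last_activity=0.0)
    grant_step_up(s, "rec-1", verified=True, now=20.0)
    print(reveal(s, "rec-1", 30.0, lambda r: f"<plaintext of {r}>"))
    tok = mint_tracker_link(b"constructed-secret", "trk-1", 3)
    print(verify_tracker_link(b"constructed-secret", tok, 3), verify_tracker_link(b"constructed-secret", tok, 4))
```

The check in `reveal` is the point: a grant for `rec-1` says nothing about `rec-2`, the grant dies with the session when the idle window is exceeded, and a link minted under version 3 stops verifying the moment the stored version becomes 4.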
What this means when an investigator calls.
An auditor or regulator asking “who accessed this patient's PHI between dates A and B?” gets an answer in under a minute. The same query that answers that question lives in our operator runbook and ships to facility partners during onboarding.
When a patient family asks for their disclosure history — same query, same answer, same export format. No engineering dependency.
When something goes wrong (an unauthorized read attempt, a storage misconfiguration, anything material) your facility account coordinator hears about it within 24 hours with the audit-log slice attached. We don't wait for the monthly compliance review to surface a problem.
The promises we make in writing.
BAA on file
Business Associate Agreement signed during partnership onboarding. Counsel-friendly redlines welcome.
Accounting on demand
Hand us a date range and a patient or facility id; we hand you the §164.528 accounting back in a CSV. The runbook is operator-ready, not engineer-mediated.
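The disclosure-accounting query described under "Disclosure accounting" and in the investigator and accounting-on-demand paragraphs, shown as an added example that is not the product's own code. It runs the one query over a constructed in-memory SQLite copy of phi_access_log and emits the CSV; the column set, the sample rows and the CSV layout are assumptions for illustration, and the real table lives in Postgres (Supabase).

```python
# Added example (not the product's code): the accounting query over
# phi_access_log, run on an in-memory SQLite copy with constructed rows.
# Columns, sample data and CSV layout are illustrative assumptions.
import csv
import io
import sqlite3

SCHEMA = """
CREATE TABLE phi_access_log (
    id          INTEGER PRIMARY KEY,
    accessed_at TEXT NOT NULL,   -- ISO 8601 UTC, so string order == time order
    actor_id    TEXT NOT NULL,
    patient_id  TEXT NOT NULL,
    facility_id TEXT NOT NULL,
    field       TEXT NOT NULL,   -- which PHI field was revealed
    purpose     TEXT NOT NULL,
    request_id  TEXT NOT NULL    -- correlates with audit_log and web logs
)
"""

COLUMNS = ["accessed_at", "actor_id", "patient_id", "facility_id", "field", "purpose", "request_id"]

# Constructed sample reads; not real data.
SAMPLE_ROWS = [
    ("2024-03-01T09:00:00Z", "staff-alice", "P-001", "FAC-A", "member_id", "treatment", "req-1"),
    ("2024-03-02T10:30:00Z", "staff-bob", "P-001", "FAC-A", "dob", "billing", "req-2"),
    ("2024-03-05T14:00:00Z", "staff-alice", "P-002", "FAC-B", "insurance_auth", "treatment", "req-3"),
    ("2024-04-01T08:00:00Z", "staff-carol", "P-001", "FAC-A", "member_id", "treatment", "req-4"),
]

# One query serves the investigator, the patient family and the CSV export.
# A NULL filter means "any patient" / "any facility"; the range is half-open.
ACCOUNTING_SQL = """
SELECT accessed_at, actor_id, patient_id, facility_id, field, purpose, request_id
FROM phi_access_log
WHERE accessed_at >= :start
  AND accessed_at <  :end
  AND (:patient_id  IS NULL OR patient_id  = :patient_id)
  AND (:facility_id IS NULL OR facility_id = :facility_id)
ORDER BY accessed_at, id
"""


def build_demo_db() -> sqlite3.Connection:
    """Create the table and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO phi_access_log (accessed_at, actor_id, patient_id, facility_id, field, purpose, request_id) "
        "VALUES (?, ?, ?, ?, ?, ?, ?)",
        SAMPLE_ROWS,
    )
    conn.commit()
    return conn


def accounting(conn, start, end, patient_id=None, facility_id=None) -> list:
    """Rows for one patient or facility in [start, end), oldest first."""
    params = {"start": start, "end": end, "patient_id": patient_id, "facility_id": facility_id}
    return [dict(zip(COLUMNS, row)) for row in conn.execute(ACCOUNTING_SQL, params)]


def accounting_csv(conn, start, end, patient_id=None, facility_id=None) -> str:
    """The same result as a CSV string, header row first."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(accounting(conn, start, end, patient_id, facility_id))
    return buf.getvalue()


if __name__ == "__main__":
    db = build_demo_db()
    print(accounting_csv(db, "2024-03-01T00:00:00Z", "2024-04-01T00:00:00Z", patient_id="P-001"))
```

Because `accessed_at` is stored as fixed-width ISO 8601 UTC, the range comparison is a plain string comparison and the end bound is exclusive, so a read at 08:00 on the end date is excluded; the same parameter set answers "who touched this patient" and "what left this facility" without a second query.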
Incident transparency
Anything that touches PHI without authorization is escalated to your account coordinator within 24 hours, with a corrective-action plan.
Compliance-first by design
Walk through it with us.
A 30-minute call covers the technical safeguards, the BAA, and what your team will see in the portal. We'd rather over-explain than under-deliver.