Security and Compliance Overview for Healthcare Teams
A high-level overview of encryption, access controls, and data handling.
January 30, 2026
Jordan Lee
Security & Compliance Lead
Security and Compliance Overview
Patient data security is non-negotiable. Here's what we do to keep data safe.
Encryption
- **Data in transit** - TLS 1.2+ encryption
- **Data at rest** - AES-256 encryption in AWS
- **Key management** - AWS Key Management Service (KMS)
Access Controls
- **Role-based access** - Different permissions for doctors, staff, admins
- **Multi-factor authentication** - Available on all accounts
- **Audit logging** - Every data access is logged and reviewed
Compliance
- **HIPAA** - Full compliance with Privacy, Security, and Breach Notification rules
- **GDPR** - Data Processing Agreements and data subject rights
- **Regular audits** - Annual third-party security audits and penetration testing
What You Should Do
- Enable MFA on all staff accounts
- Review access permissions quarterly
- Train staff on data security
- Report any suspicious activity immediately
*Last Updated: January 2026*
This article reflects the perspective of Jordan Lee on clinic operations and automation.