Trust & safety
Enterprise security built for healthcare
Strong encryption, least-privilege access, immutable audit trails, and tenant isolation by default — designed for regulated environments.
Data protection
- AES-256 encryption at rest for application data stores; TLS 1.3 for data in transit.
- Field-level protections for highly sensitive identifiers where modules require it.
- Encrypted backups with restricted access and documented restore procedures.
Access control
- Role-based access with attribute-aware policies for sensitive workflows.
- Multi-factor authentication and session hardening for privileged actions.
- Emergency access ("break-glass") is logged, time-bounded, and reviewable.
Infrastructure & isolation
- Strong multi-layer data isolation ensures no organisation's data is accessible to another.
- All supporting services deployed with authentication and strict network controls.
- Environment separation for production, staging, and sandbox/training modes.
Compliance alignment
- HIPAA-aligned administrative and technical safeguards (implementation varies by deployment).
- India DPDP Act considerations for consent, purpose limitation, and data principal rights.
- ABDM interoperability patterns where your deployment opts into exchange programs.
AI safety
- PHI minimization before any external model call; human review for clinical outputs.
- Full audit logging of prompts, model versions, and reviewer actions.
- Feature flags to disable AI capabilities entirely for strict environments.
SOC 2 Type II (roadmap)ISO 27001 aligned controlsAnnual VAPT program