Security & compliance

Healthplex is designed for regulated healthcare environments. Here is exactly what that means — and what it does not mean.

Important: Language on this page uses "designed for", "aligned with", and "supports the requirements of". Where we hold a completed certification, we will say so explicitly. We do not.

Regional compliance profiles

Each tenant deployment is assigned a compliance profile at onboarding. The profile activates the appropriate data-handling rules, consent workflows, audit retention policies, and regional subprocessors.

United States — HIPAA

Healthplex is designed to support your obligations as a HIPAA-covered entity or business associate. The platform supports the required administrative, physical, and technical safeguards described in the Security Rule. A Business Associate Agreement (BAA) is available for all tenants.

  • Audit controls: every PHI read and write is logged in an append-only audit table
  • Access controls: RBAC + ABAC + ReBAC, with field-level redaction for sensitive categories (mental health, HIV, SUD)
  • Transmission security: TLS 1.3 minimum; HTTPS-only; HSTS preload
  • Break-glass: emergency access requires documented reason + senior approval + real-time security alert
  • BAA available on request

European Union — GDPR / EHDS

Healthplex is designed to support your obligations as a GDPR data controller. The platform implements data minimisation, purpose limitation, and data subject rights workflows. A Data Processing Agreement (DPA) covering GDPR Article 28 obligations is available.

  • Data subject rights: access, rectification, erasure, portability, and restriction workflows
  • Consent management: per-purpose consent records with revocation
  • Data residency: EU-region tenants stay within the EU; no cross-border transfer without SCCs
  • DPA (Article 28) available on request
  • EHDS interoperability adapters on the roadmap

India — NABH + DPDP

Healthplex is designed to support NABH accreditation requirements and the Digital Personal Data Protection Act 2023. Indian tenant deployments run in-region on Indian infrastructure. ABHA identity integration is available via the interop module.

  • NABH quality indicators and accreditation documentation support
  • DPDP: data fiduciary obligations, consent notice workflows, grievance officer designation
  • ABHA / ABDM identity integration via interop module
  • Data stays in India for IN-region deployments

Australia — Privacy Act 1988 + APPs

Healthplex is designed to support the 13 Australian Privacy Principles (APPs) under the Privacy Act 1988, including sensitive information handling requirements for health information.

  • Sensitive information handling: health records classified and handled per APP 3 + APP 6
  • Access and correction: patient access request workflows
  • Data stays in Australia for AU-region deployments
  • Trans-Tasman cross-border transfer controls

Singapore & UAE

Healthplex deployments in Singapore (PDPA) and the UAE (ADGM / DHA data regulations) are supported via region-specific compliance profiles. Specific regulatory requirements are configured per tenant at onboarding.

  • PDPA (Singapore): consent, notification, and data protection obligation workflows
  • UAE DHA / MOH: data localisation and clinical data retention requirements
  • Region-specific deployments available

Architecture-level safeguards

Security is not a feature you add at the end. These safeguards are structural — removing them would require rewriting core platform modules.

Row-level tenant isolation

Every database query carries an org_id tenant filter enforced by the platform module. Spring Modulith verification tests prove no module can bypass this. A test that queries without a tenant context fails the build.

Append-only PHI audit trail

Every read and write of protected health information generates an immutable audit entry. Hard-delete of PHI records is forbidden at the code level; soft-delete marks deleted_at and retains the audit trail.

Cedar policy decision point

Authorization is enforced by a Cedar PDP (policy decision point), not by scattered if-statements. Policies are authored separately from application code and can be audited independently.

Break-glass with mandatory review

Emergency access to records outside normal authorization requires a documented reason, senior approval, and generates an immediate security alert. Every break-glass session has a post-access review queue.
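The tenant filter, the Cedar PDP and the break-glass conditions described above, sketched as a small Cedar policy set. This is an added illustration, not Healthplex's own policies: the entity types, the `ReadRecord` action, and the attributes `org_id`, `care_team`, `role`, `break_glass`, `reason` and `approved_by` are assumptions, as is routing break-glass through the PDP.

```cedar
// Added example. All names below are hypothetical, not taken from Healthplex.

// Tenant isolation as a guardrail: in Cedar a matching forbid overrides
// every permit, so no other policy (break-glass included) can cross tenants.
@id("tenant-isolation")
forbid (principal, action, resource)
unless {
    principal has org_id &&
    resource has org_id &&
    principal.org_id == resource.org_id
};

// Normal access: the requester belongs to the record's care team
// (relationship-based), in addition to passing the tenant guardrail.
@id("care-team-read")
permit (
    principal,
    action == Action::"ReadRecord",
    resource
)
when { principal in resource.care_team };

// Break-glass: access outside the care team is allowed only when the request
// context carries a non-empty documented reason and an approver who is
// senior and is not the requester.
@id("break-glass-read")
permit (
    principal,
    action == Action::"ReadRecord",
    resource
)
when {
    context has break_glass &&
    context.break_glass.reason != "" &&
    context.break_glass.approved_by.role == "senior_clinician" &&
    context.break_glass.approved_by != principal
};

// Cedar returns only Allow or Deny plus the determining policy ids. The
// caller would raise the security alert and queue the post-access review
// whenever "break-glass-read" is among the determining policies.
```

Because policies like these live outside application code, a reviewer can audit the break-glass conditions by reading the policy set alone.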

Outbox-pattern event delivery

Cross-module events are persisted in the same transaction as the state change — no fire-and-forget. Spring Modulith's event_publication mechanism guarantees delivery even across restarts.

BAA and DPA available

A Business Associate Agreement (BAA) for HIPAA and a Data Processing Agreement (DPA) for GDPR Article 28 are available for all production tenants. Contact sales to request them before going live.

Data residency

Tenants choose their deployment region at onboarding. Patient data — PHI included — stays within that region's infrastructure for the lifetime of the contract. There is no global data lake that aggregates PHI across tenants.

Healthplex maintains a public subprocessor list at /legal/subprocessors. We notify tenants 30 days before adding a new subprocessor that handles PHI, giving them the right to object or terminate for cause.

Aggregated, de-identified usage analytics may flow to our analytics infrastructure for platform improvement purposes. These flows are governed by the Terms of Service and are stripped of all direct identifiers before leaving the tenant's region.

Available regions

  • United States: us-east-1 / us-west-2
  • European Union: eu-central-1 / eu-west-1
  • India: ap-south-1
  • Australia: ap-southeast-2
  • Singapore: ap-southeast-1
  • UAE: me-central-1

Additional regions available on request. Multi-region active-passive for HA within the same compliance jurisdiction.

Responsible disclosure

We take security vulnerabilities seriously. If you discover a security issue in the Healthplex platform, please report it to us before disclosing publicly. We follow a 90-day coordinated disclosure window.

security@healthplex.app

90-day coordinated disclosure window. We will acknowledge within 2 business days and aim to patch within 30 days for critical issues.
