Trust & Security
Healthcare-grade security and compliance built into every aspect of Paige. Your practice and patient data are protected by enterprise-level security measures.
Security Measures
Comprehensive security implementations protecting your healthcare data
PHIPA Compliance
Full compliance with Ontario's Personal Health Information Protection Act
- Protected Health Information (PHI) encryption before database storage
- Audit logging for all PHI access as required by PHIPA Section 10.1
- Cross-border data processing consent management
- 24-hour breach notification protocols
- 10-year data retention following CRPO standards
Implementation: apps/api/app/models/, using PHI compliance decorators and audit logging
Data Encryption
Healthcare-grade encryption for all sensitive data
- AES-256 encryption for data at rest
- TLS encryption for data in transit
- Encrypted database fields with *_encrypted suffix pattern
- Secure key management and rotation
- End-to-end encryption for PHI data
Implementation: Database models use the encrypted-column pattern, e.g. client_name_encrypted, session_notes_encrypted
Access Controls
Strict role-based access controls and authentication
- NextAuth-integrated authentication system
- Role-based access control (RBAC)
- Session management with secure tokens
- Multi-factor authentication support
- Automated session expiration
Implementation: apps/web/middleware.ts, with NextAuth integration and route protection
Audit & Compliance
Comprehensive audit trails and compliance monitoring
- Complete audit logging for PHI access
- Tamper-proof audit trails with cryptographic hashing
- User activity monitoring and logging
- Compliance reporting and documentation
- Regular security assessments
Implementation: PHIAuditLog model with tamper_proof_hash field in database schema
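The tamper-proof audit trail described above, shown as an added example rather than Paige's own code: each record's tamper_proof_hash covers its own fields plus the previous record's hash, so editing or deleting any stored record breaks the chain. The PHIAuditLog and tamper_proof_hash names come from this page; the field set, the chaining scheme and the sample records are assumptions for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, asdict

GENESIS_HASH = "0" * 64  # anchor value for the first record in the chain


@dataclass
class PHIAuditLog:
    """One PHI access record. Field names other than tamper_proof_hash are assumed."""
    actor_id: str
    client_id: str
    action: str
    timestamp: str
    previous_hash: str
    tamper_proof_hash: str = ""

    def canonical(self) -> bytes:
        # Deterministic serialization of every field except the hash itself.
        fields = asdict(self)
        fields.pop("tamper_proof_hash")
        return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def append_entry(chain, actor_id, client_id, action, timestamp):
    """Append a record whose hash commits to its content and to the previous record."""
    prev = chain[-1].tamper_proof_hash if chain else GENESIS_HASH
    entry = PHIAuditLog(actor_id, client_id, action, timestamp, prev)
    entry.tamper_proof_hash = hashlib.sha256(entry.canonical()).hexdigest()
    chain.append(entry)
    return entry


def verify_chain(chain):
    """Walk the chain; return (ok, index_of_first_bad_record) with -1 when intact."""
    expected_prev = GENESIS_HASH
    for i, e in enumerate(chain):
        if e.previous_hash != expected_prev:
            return False, i  # a record was removed or reordered before this one
        if hashlib.sha256(e.canonical()).hexdigest() != e.tamper_proof_hash:
            return False, i  # this record's stored content no longer matches its hash
        expected_prev = e.tamper_proof_hash
    return True, -1


def demo():
    # Constructed sample records; identifiers are not real.
    chain = []
    append_entry(chain, "clinician-17", "client-42", "VIEW_SESSION_NOTES", "2024-03-01T09:15:00Z")
    append_entry(chain, "clinician-17", "client-42", "UPDATE_SESSION_NOTES", "2024-03-01T09:20:00Z")
    append_entry(chain, "admin-2", "client-42", "EXPORT_RECORD", "2024-03-02T14:00:00Z")
    intact = verify_chain(chain)
    chain[1].action = "VIEW_SESSION_NOTES"  # simulate an after-the-fact edit of a stored record
    return intact, verify_chain(chain)
```

A hash chain detects edits and deletions inside the log but not truncation of its newest records, so the latest hash should also be recorded somewhere the database writer cannot alter, such as a periodically signed checkpoint.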
Secure Development Practices
Privacy by Design
Security and privacy built into every feature from the ground up
- PHI data never stored in plain text
- Minimal data collection principles
- Automatic data sanitization in logs
- Privacy-first development methodology
Secure Development
Industry-standard secure coding practices
- Healthcare compliance rules enforced in codebase
- Automated security scanning and testing
- Regular dependency updates and vulnerability patching
- Code review requirements for all changes
Infrastructure Security
Secure infrastructure and deployment practices
- Docker containerization for secure environments
- Environment-based configuration management
- Secure API endpoints with proper validation
- Database security with connection pooling
Compliance Frameworks
PHIPA
Implemented: Personal Health Information Protection Act (Ontario)
Full compliance with Ontario healthcare regulations including PHI protection, audit requirements, and breach notification.
CRPO Standards
Implemented: College of Registered Psychotherapists of Ontario
Professional documentation standards, supervision protocols, and record retention requirements.
Healthcare Data Security
Implemented: Industry best practices for healthcare data protection
AES-256 encryption, secure transmission, and healthcare-grade security measures.
Verified Implementation
All security measures and compliance features listed on this page are actively implemented in our codebase. We maintain transparency about our security practices and regularly audit our implementations.