Trust & Security

Healthcare-grade security and compliance built into every aspect of Paige. Your practice and client data are protected by enterprise-level security measures.

Security Measures

Comprehensive security implementations protecting your healthcare data

PHIPA Compliance

Compliance with Ontario's Personal Health Information Protection Act (PHIPA)

  • Protected Health Information (PHI) encryption before database storage
  • Audit logging for all PHI access as required by PHIPA Section 10.1
  • Cross-border data processing consent management
  • 24-hour breach notification protocols
  • 10-year data retention following healthcare standards

Implementation: apps/api/app/models/, using PHI compliance decorators and audit logging

Data Encryption

Healthcare-grade encryption for all sensitive data

  • AES-128 encryption for data at rest
  • TLS encryption for data in transit
  • Encrypted database fields following the *_encrypted suffix pattern
  • Secure key management and rotation
  • End-to-end encryption for PHI data

Implementation: Database models use the encrypted-column pattern, e.g. client_name_encrypted and session_notes_encrypted

Access Controls

Strict role-based access controls and authentication

  • NextAuth-integrated authentication system
  • Role-based access control (RBAC)
  • Session management with secure tokens
  • Multi-factor authentication support
  • Automated session expiration

Implementation: apps/web/middleware.ts, with NextAuth integration and route protection

Audit & Compliance

Comprehensive audit trails and compliance monitoring

  • Complete audit logging for PHI access
  • Tamper-proof audit trails with cryptographic hashing
  • User activity monitoring and logging
  • Compliance reporting and documentation
  • Regular security assessments

Implementation: PHIAuditLog model with a tamper_proof_hash field in the database schema
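As an added illustration (not Paige's own code, which this page does not publish), one way a tamper_proof_hash field makes an audit trail tamper-evident: each PHIAuditLog row carries the hash of its predecessor, and the hash is keyed with a secret held outside the database so that a party with plain write access cannot re-seal an edited row. The PHIAuditLog fields, the GENESIS_HASH convention and the choice of HMAC-SHA256 are assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import List, Optional

GENESIS_HASH = "0" * 64  # previous_hash recorded on the first entry (assumed convention)


@dataclass
class PHIAuditLog:
    """Hypothetical subset of columns; the real model's schema is not on the page."""
    user_id: str
    action: str
    record_id: str
    timestamp: str
    previous_hash: str
    tamper_proof_hash: str = ""


def canonical_bytes(entry: PHIAuditLog) -> bytes:
    # Deterministic serialization (sorted keys, no whitespace) so the hash is reproducible.
    payload = {k: getattr(entry, k) for k in
               ("user_id", "action", "record_id", "timestamp", "previous_hash")}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def compute_hash(entry: PHIAuditLog, key: bytes) -> str:
    # Keyed hash: without the key (kept outside the database) a rewritten row cannot be re-sealed.
    return hmac.new(key, canonical_bytes(entry), hashlib.sha256).hexdigest()


def append_entry(log: List[PHIAuditLog], key: bytes, user_id: str, action: str,
                 record_id: str, timestamp: str) -> PHIAuditLog:
    prev = log[-1].tamper_proof_hash if log else GENESIS_HASH
    entry = PHIAuditLog(user_id, action, record_id, timestamp, prev)
    entry.tamper_proof_hash = compute_hash(entry, key)
    log.append(entry)
    return entry


def verify_chain(log: List[PHIAuditLog], key: bytes) -> Optional[int]:
    """Return the index of the first entry that fails, or None if the trail is intact.
    Catches edited rows (hash mismatch) and deleted or reordered rows (broken link)."""
    expected_prev = GENESIS_HASH
    for i, entry in enumerate(log):
        if entry.previous_hash != expected_prev:
            return i
        if not hmac.compare_digest(compute_hash(entry, key), entry.tamper_proof_hash):
            return i
        expected_prev = entry.tamper_proof_hash
    return None
```

Truncating the tail of the log is not detected by the chain alone, so the latest tamper_proof_hash should also be checkpointed somewhere outside the database.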

Secure Development Practices

Privacy by Design

Security and privacy built into every feature from the ground up

  • PHI data never stored in plain text
  • Minimal data collection principles
  • Automatic data sanitization in logs
  • Privacy-first development methodology

Secure Development

Industry-standard secure coding practices

  • Healthcare compliance rules enforced in codebase
  • Automated security scanning and testing
  • Regular dependency updates and vulnerability patching
  • Code review requirements for all changes

Infrastructure Security

Secure infrastructure and deployment practices

  • Docker containerization for secure environments
  • Environment-based configuration management
  • Secure API endpoints with proper validation
  • Database security with connection pooling

Compliance Frameworks

PHIPA

Implemented

Personal Health Information Protection Act (PHIPA - Ontario)

PHIPA-aligned safeguards including PHI protection, audit requirements, and breach notification.

Healthcare Data Security

Implemented

Industry best practices for healthcare data protection

AES-128 encryption, secure transmission, and healthcare-grade security measures.

Verified Implementation

All security measures and compliance features listed on this page are actively implemented in our codebase. We maintain transparency about our security practices and regularly audit our implementations.