A health-records company that takes a shortcut on security has no business existing. Here's exactly what we do — and what we don't yet do.
We implement the HIPAA Security Rule's technical safeguards — encryption, access controls, audit logs, integrity protection, transmission security. We have not yet completed a formal third-party audit, and we will never claim certification we haven't earned. If you intend to use Hamdosh under a Business Associate Agreement, please contact us — we will tell you exactly where we are.
Every PHI column and every uploaded file is encrypted with AES-256-GCM. Per-file keys are wrapped by a master key held in environment-protected storage (KMS in production). Decryption happens in the application layer; the database never sees plaintext PHI.
Every request between your browser and our API uses TLS 1.3 with modern ciphers. HSTS preloaded. No mixed content. No plain-HTTP fallback.
Passwords are hashed with Argon2id at memory-hard parameters. We never see your plaintext password. Reset flows use single-use, time-limited tokens.
15-minute access tokens; rotating refresh tokens with reuse detection. A leaked token grants minutes of access, not months.
Every read of every PHI record writes an immutable audit row: who, what, when, from where. You can review your own access log in-app at any time.
Family members access shared records only via explicit, scoped, time-bounded consent grants. Revocation is one click and takes effect immediately.
Uploaded documents live in S3-compatible storage (MinIO in dev, Cloudflare R2 in prod) behind signed URLs with 60-second TTL. No direct public bucket reads, ever.
Every uploaded file is scanned before it lands in your record. Quarantine if suspicious. (Phase 2 stub in MVP; production-grade in v1.)
Security inquiries: security@hamdosh.com. Privacy questions: see our privacy policy.