Patient Protect

Security & Trust

We built Patient Protect like attackers were already inside.

Security is not a feature we added. It is the architecture we started with. Patient Protect was designed from the ground up by combining security infrastructure built for clinical and government healthcare environments with clinical compliance expertise: an architecture assembled by our founder to solve a problem no single discipline could address alone.

Zero Trust · AES-256-GCM · TLS 1.3 · AppSensor IDS · AWS

Security architecture

Eight layers between an attacker and your patient data.

Encryption is necessary but not sufficient. Patient Protect adds defense in depth: multiple independent controls, so that compromising any one of them does not expose the system. This architecture works alongside your existing compliance program or as your complete security foundation.

AES-256-GCM Encryption

All data is encrypted at rest with AES-256-GCM, an authenticated encryption mode that both hides the content and detects any modification of the ciphertext. ePHI is never stored in plaintext: not in the database, not in logs, not in backups.

NIST-standardized: AES is specified in FIPS 197 and the GCM mode in NIST SP 800-38D. It is the same encryption standard used across federal government systems.

TLS 1.3 in Transit

Every connection uses TLS 1.3, which provides forward secrecy through ephemeral key exchange and carries downgrade protection in the protocol itself. Older protocol versions and legacy cipher suites are disabled entirely.

HSTS enforced. Certificate transparency monitored.

Zero Trust Architecture

No implicit trust. Every request is authenticated, authorized, and validated regardless of whether it originates inside or outside the network. Session tokens are cryptographically bound to device fingerprints, so a token presented from a different device does not validate.

Defense-in-depth — compromise of one layer does not expose the system.
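One way to realize the token binding described above, as an added illustration rather than Patient Protect's own code: the token carries an HMAC over a random session id and a server-computed device fingerprint, so a copied token fails verification on any device whose fingerprint differs. The fingerprint inputs, the fixed key, and the token format are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Server-side key. In production this comes from a secrets manager or HSM, never from source control.
# Fixed here only so the example is self-contained (an assumption, not Patient Protect's configuration).
SERVER_KEY = bytes.fromhex("6b3a55e0261b0304143f805a24924d0c1c44524821305f31d9277843b8a10f4e")


def device_fingerprint(user_agent: str, tls_fingerprint: str, client_prefix: str) -> bytes:
    """Hypothetical fingerprint over attributes the server observes on the connection.
    It is a heuristic, not a secret: an attacker who captures the token AND reproduces
    every input can still replay, so binding complements (does not replace) expiry."""
    material = "\x00".join([user_agent, tls_fingerprint, client_prefix]).encode()
    return hashlib.sha256(material).digest()


def issue_token(fingerprint: bytes, key: bytes = SERVER_KEY) -> str:
    """Mint <random id>.<tag>; the tag is an HMAC over the id and the fingerprint."""
    session_id = secrets.token_urlsafe(32)   # base64url alphabet, never contains "."
    tag = hmac.new(key, session_id.encode() + b"\x00" + fingerprint, hashlib.sha256).hexdigest()
    return f"{session_id}.{tag}"


def verify_token(token: str, fingerprint: bytes, key: bytes = SERVER_KEY) -> bool:
    """Accept only if the token was minted for this fingerprint and has not been altered.
    compare_digest avoids leaking the tag through comparison timing."""
    session_id, sep, tag = token.partition(".")
    if not sep or not session_id or not tag:
        return False
    expected = hmac.new(key, session_id.encode() + b"\x00" + fingerprint, hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)


def demo() -> dict:
    """Issue a token on one device, then try to replay it elsewhere (constructed inputs)."""
    laptop = device_fingerprint("Mozilla/5.0 (X11; Linux x86_64)", "ja3:771,4865-4866", "203.0.113.0/24")
    other = device_fingerprint("curl/8.5.0", "ja3:771,4865", "198.51.100.0/24")
    token = issue_token(laptop)
    flipped = token[:-1] + ("0" if token[-1] != "0" else "1")   # alter one hex digit of the tag
    return {
        "same_device": verify_token(token, laptop),
        "replayed_elsewhere": verify_token(token, other),
        "tampered": verify_token(flipped, laptop),
        "malformed": verify_token("not-a-token", laptop),
    }


if __name__ == "__main__":
    print(demo())
```

The server still needs to record the session id and expire it on inactivity; the binding only removes the value of a token lifted from one device and replayed from another.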

AppSensor Intrusion Detection

Real-time behavioral analysis, built on AppSensor (the OWASP application-layer intrusion detection model), detects anomalous access patterns such as brute force, credential stuffing, session hijacking, and privilege escalation, and responds before damage occurs.

Automated response pipeline: AppSensor detection → application rate limiting → Fail2Ban → firewall IP block.
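The detection-and-escalation pipeline above, reduced to two AppSensor-style detection points over a sliding window, as an added example that is not Patient Protect's implementation. Thresholds, window size, and the sample events are assumptions; the "block_ip" action stands in for the Fail2Ban stage, which in a real deployment would be triggered by a matching log line rather than by the application itself.

```python
from collections import defaultdict, deque

# Thresholds and window are assumed tuning values for this example, not Patient Protect's settings.
WINDOW_SECONDS = 300          # sliding window for counting failures
USER_FAIL_LIMIT = 5           # failed logins on one account      -> rate-limit that account
IP_FAIL_LIMIT = 20            # failed logins from one address    -> block the address
IP_DISTINCT_USER_LIMIT = 10   # distinct accounts tried from one address -> credential stuffing -> block


class AppSensorLite:
    """Two application-layer detection points in the style of OWASP AppSensor's
    authentication (AE) category, with an escalation ladder behind them."""

    def __init__(self):
        self.fails_by_user = defaultdict(deque)   # user -> deque of timestamps
        self.fails_by_ip = defaultdict(deque)     # ip   -> deque of (timestamp, user)
        self.rate_limited = set()
        self.blocked_ips = set()

    @staticmethod
    def _prune(dq, now, ts_of=lambda item: item):
        """Drop entries that have aged out of the sliding window."""
        while dq and ts_of(dq[0]) < now - WINDOW_SECONDS:
            dq.popleft()

    def observe(self, ts, ip, user, outcome):
        """Feed one login event; return the (action, target) pairs it triggers."""
        if ip in self.blocked_ips:
            return [("drop", ip)]              # already handed to the firewall stage
        if outcome != "fail":
            return []
        actions = []

        # Detection point 1: brute force against a single account.
        per_user = self.fails_by_user[user]
        per_user.append(ts)
        self._prune(per_user, ts)
        if len(per_user) >= USER_FAIL_LIMIT and user not in self.rate_limited:
            self.rate_limited.add(user)
            actions.append(("rate_limit", user))

        # Detection point 2: volume or spread of failures from one source address
        # (many failures = brute force; many distinct accounts = credential stuffing).
        per_ip = self.fails_by_ip[ip]
        per_ip.append((ts, user))
        self._prune(per_ip, ts, ts_of=lambda item: item[0])
        distinct_users = len({u for _, u in per_ip})
        if len(per_ip) >= IP_FAIL_LIMIT or distinct_users >= IP_DISTINCT_USER_LIMIT:
            self.blocked_ips.add(ip)
            actions.append(("block_ip", ip))
        return actions


def run(events):
    """Replay a sequence of (ts, ip, user, outcome) events and collect every action fired."""
    sensor = AppSensorLite()
    fired = []
    for event in events:
        fired.extend(sensor.observe(*event))
    return fired


# Constructed sample traffic (not real logs). Timestamps are seconds.
SAMPLE_EVENTS = (
    [(t, "203.0.113.5", "alice", "fail") for t in range(0, 60, 10)]            # 6 failures on alice
    + [(100 + i, "198.51.100.7", f"user{i:02d}", "fail") for i in range(10)]   # 10 accounts from one IP
    + [(300, "198.51.100.7", "user99", "fail")]                               # arrives after the block
    + [(400, "203.0.113.5", "alice", "ok")]                                   # success is not a signal
)

if __name__ == "__main__":
    for action in run(SAMPLE_EVENTS):
        print(action)
```

In practice "rate_limit" becomes a 429 or an added delay on that account, and "block_ip" is realized by emitting a log line that a Fail2Ban filter matches; Fail2Ban then inserts the firewall rule, so the application never needs firewall privileges of its own.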

Role-Based Access Controls

Eight defined user roles with granular permissions. No shared accounts. Every user authenticates individually, with multi-factor authentication enforced. Sessions time out after inactivity.

Principle of least privilege enforced at every access point.

Hardened Infrastructure

AWS-hosted with a dedicated VPC, private subnets, and no public-facing database endpoints. PostgreSQL is accessed only through parameterized queries, so user input is never interpolated into SQL text and SQL injection is prevented by construction rather than by input filtering.
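The vulnerable pattern beside the parameterized one, as an added example (not Patient Protect's code). The demo uses Python's built-in SQLite so it runs offline; the page's stack is PostgreSQL, where the placeholder is `%s` (psycopg) rather than `?`, but the principle is identical. It also shows the one case binding cannot cover: identifiers such as a user-chosen sort column, which need an allow-list. Table and rows are constructed sample data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data, not real patient records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (id INTEGER PRIMARY KEY, mrn TEXT NOT NULL, last_name TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO patients (mrn, last_name) VALUES (?, ?)",
        [("MRN-001", "Garcia"), ("MRN-002", "Nguyen"), ("MRN-003", "Okafor")],
    )
    return conn


def lookup_vulnerable(conn, last_name: str) -> list:
    """The anti-pattern: user input spliced into the SQL text. The input becomes part of
    the query's grammar, so a quote in it changes what the query means."""
    sql = f"SELECT mrn FROM patients WHERE last_name = '{last_name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, last_name: str) -> list:
    """The fix: the SQL text is constant and the value travels separately as a bound
    parameter, so it can only ever be compared as data."""
    return [row[0] for row in conn.execute("SELECT mrn FROM patients WHERE last_name = ?", (last_name,))]


# Parameters carry values, not identifiers. A column name chosen by the user must be checked
# against an allow-list; this is the case that "parameterized queries" alone do not cover.
ALLOWED_SORT_COLUMNS = {"last_name", "mrn"}


def list_sorted(conn, sort_column: str) -> list:
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    return [row[0] for row in conn.execute(f"SELECT mrn FROM patients ORDER BY {sort_column}")]


def demo() -> dict:
    conn = make_db()
    payload = "' OR '1'='1"   # classic tautology injection
    out = {
        "honest_query": lookup_parameterized(conn, "Nguyen"),
        "vulnerable_with_payload": lookup_vulnerable(conn, payload),        # leaks every row
        "parameterized_with_payload": lookup_parameterized(conn, payload),  # no surname equals the literal
    }
    try:
        list_sorted(conn, "mrn; DROP TABLE patients")
        out["identifier_injection_rejected"] = False
    except ValueError:
        out["identifier_injection_rejected"] = True
    return out


if __name__ == "__main__":
    print(demo())
```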

Nginx reverse proxy with request filtering. No direct application exposure.
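What the TLS 1.3, HSTS, rate-limiting and reverse-proxy statements above look like as an Nginx server block, added here as an illustration and not Patient Protect's actual configuration. The hostname, certificate paths, private upstream address and rate-limit values are assumptions; this is the `http` context of the file, so an `events {}` block and the usual top-level directives are still needed around it.

```nginx
http {
    # Shared rate-limit bucket keyed by client address; applied below to the login path.
    limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;

    server {
        listen 80;
        server_name app.example.com;            # assumed hostname
        return 301 https://$host$request_uri;   # never serve anything over plaintext
    }

    server {
        listen 443 ssl;
        server_name app.example.com;

        ssl_certificate     /etc/ssl/certs/app.example.com.pem;    # assumed paths
        ssl_certificate_key /etc/ssl/private/app.example.com.key;

        ssl_protocols TLSv1.3;        # TLS 1.2 and older are off: no legacy cipher suites remain,
                                      # and 1.3's downgrade sentinel protects version negotiation
        ssl_session_tickets off;      # long-lived ticket keys would undercut forward secrecy

        # HSTS: browsers refuse plaintext for this host and its subdomains for two years.
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "DENY" always;
        add_header Referrer-Policy "no-referrer" always;

        # Request filtering: small bodies, no dotfiles, no version banners leaking outward.
        client_max_body_size 1m;
        server_tokens off;
        proxy_hide_header X-Powered-By;
        location ~ /\. { return 404; }

        # The application listens only on a private-subnet address (assumed); the only
        # route to it is through this proxy. These headers are inherited by each location.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        location /login {
            limit_req zone=login burst=5 nodelay;   # beyond 5/min per address: reject
            limit_req_status 429;
            proxy_pass http://10.0.1.10:8000;
        }

        location / {
            proxy_pass http://10.0.1.10:8000;
        }
    }
}
```

Check the result from outside with a TLS scanner or `openssl s_client -tls1_2`, which must fail to negotiate; a successful TLS 1.2 handshake means an older `ssl_protocols` line elsewhere in the configuration is still in effect.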

Immutable Audit Logging

Every access, modification, and administrative action is logged with timestamp, user identity, IP address, and action detail. Logs cannot be modified or deleted by any user, including administrators.

Audit trails retained for 6+ years per HIPAA requirements.
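One way to make an audit trail tamper-evident so that the "cannot be modified or deleted" property can be checked rather than trusted, added as an example that is not Patient Protect's implementation. Each entry's tag is an HMAC over the previous tag and the entry, so any edit, reorder or gap breaks every later tag. The key, the separate verifier holding it, and the sample events are assumptions. The example also shows the one edit a bare chain cannot catch: dropping the newest entries.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32


def _canonical(record: dict) -> bytes:
    """Deterministic serialization so the same record always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


class AuditLog:
    """Append-only, hash-chained log. The key is held by the verifier (assumed to be a
    separate log-integrity service), not by the application's admin role."""

    def __init__(self, key: bytes):
        self.key = key
        self.entries = []          # list of (record, tag_hex)
        self.prev_tag = GENESIS

    def append(self, ts: int, user: str, ip: str, action: str, detail: str) -> str:
        record = {"seq": len(self.entries), "ts": ts, "user": user, "ip": ip,
                  "action": action, "detail": detail}
        tag = hmac.new(self.key, self.prev_tag + _canonical(record), hashlib.sha256).digest()
        self.entries.append((record, tag.hex()))
        self.prev_tag = tag
        return tag.hex()


def verify_chain(entries, key: bytes) -> tuple:
    """Recompute the chain from genesis. Returns (True, n) when all n entries check out,
    else (False, i) for the first entry whose sequence number or tag does not match."""
    prev = GENESIS
    for i, (record, tag_hex) in enumerate(entries):
        if record.get("seq") != i:
            return (False, i)
        expected = hmac.new(key, prev + _canonical(record), hashlib.sha256).digest()
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return (False, i)
        prev = expected
    return (True, len(entries))


def demo() -> dict:
    """Build a small log from constructed events, then try the edits an insider might attempt."""
    key = bytes.fromhex("2a" * 32)   # fixed key for a reproducible demo
    log = AuditLog(key)
    log.append(1700000000, "dr.lee", "10.0.2.15", "view", "chart MRN-002")
    log.append(1700000030, "dr.lee", "10.0.2.15", "update", "chart MRN-002 allergies")
    log.append(1700000090, "admin", "10.0.2.40", "role_change", "user=frontdesk role=billing")

    edited = [(dict(r), t) for r, t in log.entries]
    edited[1][0]["user"] = "frontdesk"             # rewrite who made the change
    deleted = log.entries[:1] + log.entries[2:]    # remove a middle entry
    truncated = log.entries[:2]                    # drop the newest entry

    return {
        "intact": verify_chain(log.entries, key),
        "after_edit": verify_chain(edited, key),
        "after_delete": verify_chain(deleted, key),
        "after_truncate": verify_chain(truncated, key),   # passes: the chain alone cannot see this
    }


if __name__ == "__main__":
    print(demo())
```

Tail truncation passes verification because nothing after the cut remains to disagree with it; the usual fix is to anchor the latest tag and entry count somewhere the application cannot write (a separate account, or write-once storage), so a verifier can tell that entries were removed. Write-once storage is also what gives the "no user can delete" property itself; the chain only lets you prove it held.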

Breach Simulation & Testing

Regular vulnerability scanning; the most recent scan returned zero Critical, High, or Medium findings. Attack surface continuously monitored. Breach simulation models real-world attack scenarios against your practice profile.

Independently assessed, not self-reported.

Independent assessment

Zero Critical, High, or Medium findings.

Patient Protect is independently scanned for network vulnerabilities, application security flaws, and configuration weaknesses. Our most recent assessment, conducted by Pentest Tools in April 2026, returned zero findings at Critical, High, or Medium severity.

This is not self-reported. The scan was performed by an external security platform against our live infrastructure using automated deep-scanning methodology. It is an automated vulnerability scan rather than a manual penetration test, and it sits alongside the breach simulation described above.

0 Critical, High, or Medium vulnerabilities (Pentest Tools deep scan, April 2026)

Who built this

One architect. Two domains of expertise. One platform.

Alexander Perrin


CEO & Platform Architect

  • Designed the overall security + compliance architecture
  • 20 years enterprise technology
  • Assembled the clinical + security team and product vision

Joseph A. Perrin

Chief Technology Officer

  • Clinical systems & healthcare infrastructure architect
  • Zero Trust security architecture
  • Clinical and government healthcare infrastructure

Angie Perrin, RDH

Chief Security Officer

  • Certified HIPAA Privacy Consultant (CHPC)
  • 10+ years clinical healthcare experience
  • Registered Dental Hygienist

Our own compliance

We hold ourselves to the same standard we set for your practice.

Patient Protect is a HIPAA business associate. We execute a BAA with every customer and maintain our own compliance program — not as a marketing exercise, but as an operational requirement.

  • Business Associate Agreement executed with every customer before data processing begins
  • Annual Security Risk Assessment conducted on our own infrastructure
  • Workforce security training completed by all team members annually
  • Incident response plan tested and updated quarterly
  • Vendor BAAs maintained with all third-party service providers
  • Data retention and disposal policies enforced programmatically

Ready?

Security you can verify. Compliance you can prove.

Patient Protect gives your practice security architecture built on the same standards used in federal systems — at a price a five-person dental office can afford.

14-day free trial · No charge until trial ends