Xoptra
Security & HIPAA

Data privacy is not a checkbox. It's the foundation.

CareFlow is built with healthcare-grade security foundations and designed for deployment on AWS HIPAA-eligible services under the AWS Shared Responsibility Model. AWS secures the cloud — we engineer everything that protects your data in it.

Our approach

We treat clinic data the way we'd want our own family's records treated.

Healthcare workflows can't afford casual security, so we built CareFlow security-first from the foundation. Today the application enforces database-per-clinic isolation, per-clinic database roles, role-based access control, a PHI boundary checked on every build, single-use patient links, and audit logging of every action. CareFlow is designed for deployment on AWS HIPAA-eligible services — KMS-managed encryption, scoped IAM roles, and CloudTrail logging are provisioned as part of clinic onboarding, under a Business Associate Agreement signed before any real patient data is processed. We minimize the PHI we touch, route sensitive data through encrypted channels only, and keep your EHR as the source of truth.

Today

  • Product workflows run on synthetic / demo data.
  • Clinic isolation, RBAC, audit logging, and patient-link controls are implemented in the application foundation.
  • Public demos do not process PHI.

At clinic onboarding

  • The BAA is executed before any PHI is processed.
  • Infrastructure is provisioned for the clinic environment.
  • EHR / eRx / workflow mapping is completed.
  • Production credentials and communication channels are configured.

The four pillars

What every clinic owner and IT director scans for.

Encryption

Designed for deployment on AWS HIPAA-eligible services — AES-256 at rest, TLS 1.2+ in transit, encryption keys managed via AWS KMS with rotation, provisioned at clinic onboarding. By design, no PHI moves over plaintext channels.

Access Control

Principle of Least Privilege, enforced in the app today. Role-based access control, database-per-clinic isolation, and per-clinic database roles wall off each clinic's data — only the people who need it can see it. Access is scoped and revoked on offboarding.

BAA

A standard BAA is executed at clinic onboarding, before any PHI is processed — Xoptra LLC signs as Business Associate. Template provided for legal review.

Audit Logs

Every action taken in the application is logged today — a full audit trail for compliance reviews and incident response. Retention is configured to HIPAA guidance at clinic onboarding.

What we don't do

Boundaries we won't cross.

  • We are not a long-term vault for PHI. CareFlow processes the workflow; your EHR holds the record.
  • We don't sell, share, or use clinic data for any secondary purpose — not analytics, not training, not benchmarking, not advertising.
  • Your data stays in the AWS region set in your BAA — no surprise data movement. Region commitments are finalized in the BAA at onboarding.
  • We don't grant blanket access. Vendor and staff access is least-privilege and role-based, with revocation on offboarding.

For clinics evaluating CareFlow

Need our security overview?

Reach out for our BAA template, a current vendor list, and a one-pager covering our architecture, access controls, audit logging, and incident-response approach. We'll send it within two business days.

For service businesses

Same hygiene. Different stack.

Even on the Repeat Client System side, we follow the same data hygiene principles. Your customer list is yours — we don't share it, sell it, or use it for any purpose beyond running your automation.

Questions about how we'd handle your clinic's data?

Bring them to a call. We'll walk through our security approach, how the BAA works, and exactly what touches PHI versus what doesn't.
