Security at Healthzee
We build a HIPAA-compliant platform with layered controls. Patient and clinic data stays protected through encryption, access policies, and resilient infrastructure.

Encryption everywhere
- TLS 1.2+ for data in transit; HSTS enforced.
- AES-256 encryption at rest with managed key rotation.
- Separate tenant keys for clinic data.

Access controls
- Role-based access control mapped to least privilege.
- SAML/SSO support and mandatory MFA for internal admins.
- Comprehensive audit logging with immutable storage.

Resilience and backups
- Daily encrypted backups stored in separate regions.
- Disaster recovery runbooks tested quarterly.
- Uptime monitoring and auto-healing infrastructure.

Vendor management
We minimize vendor risk by auditing partners, restricting scope, and monitoring ongoing access.
- Vendors undergo security and HIPAA reviews before integration.
- Data processing agreements and BAAs are executed when required.
- Continuous monitoring of access tokens, scopes, and usage.

Responsible disclosure
We welcome security researchers and partners to report potential vulnerabilities responsibly.
- Email security@healthzee.com with a summary of the issue.
- Use encrypted channels for sensitive findings.
- Allow our team time to triage and remediate before public disclosure.
We acknowledge valid findings and credit researchers when issues are verified and resolved.

Security questions?
Reach out to security@healthzee.com or include security review requests in your partnership inquiry.