Security & Data Protection
Security & Data Protection Framework
The platform is designed to support healthcare data protection best practices. This page is maintained by RAFIQ Health and describes the security controls currently enabled on the platform. It is not an independent certification.
Encryption in transit
All traffic is served over TLS 1.2+ via the managed hosting platform.
Encryption at rest
Data is encrypted at rest by the managed cloud storage provider.
Access controls
Available in enterprise deploymentsRole-based access controls with least-privilege defaults.
Authentication
Available in enterprise deploymentsEmail + password authentication with session management and SSO integration.
Audit logging
Available upon implementationAdministrative and data-access event logging for review and compliance support.
Tenant isolation
Available in enterprise deploymentsLogical data isolation and access-scoping per customer environment.
Report a security issue
Suspected vulnerabilities or security concerns can be reported by calling +1 (786) 271-3697.