Security & Compliance

ClaraRx is built from the ground up for regulated healthcare data — encryption, isolation, and audit trails are defaults, not add-ons.

Enterprise Security & Compliance

HIPAA Compliant

Full PHI safeguards — access controls, audit logging, encryption

NCPDP D.0

Certified claims format — B1, B2, B3, E1, S1 transactions

FDB Powered

81 clinical tables — 9 automated safety screening types

AES-256 Encrypted

At-rest and in-transit — pgcrypto, S3 SSE, TLS 1.2+

Built for PHI. Verified in Code.

ClaraRx is architected from the ground up for healthcare data protection — per-customer database isolation, field-level encryption, and comprehensive audit trails are defaults, not add-ons.

Encryption At Rest & In Transit

AES-256 on all databases with pgcrypto field encryption. TLS 1.2+ enforced globally via Caddy reverse proxy.

Database Isolation

Per-customer database instances — zero shared tenancy. Row-level and field-level security enforced at the database layer.

Identity & Access

JWT sessions with SSO (Google Workspace & Azure AD), MFA, and granular RBAC with six configurable roles.

Audit & Monitoring

Every user action logged with context. Sentry.io for real-time error monitoring. Centralized secret management via Infisical.

Compliance Posture

  • HIPAA Compliant

    PHI safeguards — encryption, access controls, audit trails

  • HITECH Compliant

    Breach notification & encryption requirements met

  • NCPDP D.0 Certified

    Full D.0 implementation verified in code

  • SOC 2 Type II

    Controls mapped; readiness documented

Need a deeper review?

We're happy to walk through our compliance controls and infrastructure architecture.
