Enterprise-Grade Security

At Records Rocket, we understand that we are handling highly sensitive Protected Health Information (PHI). Security is not an afterthought; it is a core component of our architecture, designed to meet and exceed industry standards.

Data Encryption

Your data is protected at every stage:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using industry-standard TLS (Transport Layer Security).
  • Encryption at Rest: All your files and data, including case records, documents, and database entries, are encrypted when stored on our servers using AES-256 encryption.

Access Control

Our platform is built on a robust, multi-tenant architecture with strict access controls.

  • Authentication: We support secure authentication through trusted identity providers. Our auth.ts configuration includes built-in support for GitHub and Zoho, and can be extended with other OAuth or SAML-based providers.

  • Two-Factor Authentication (2FA): Enforce 2FA for an additional layer of security on user accounts.

  • Single Sign-On (SSO): For enterprise clients, we can integrate with your existing SSO solution, allowing for centralized user management and authentication.

  • Role-Based Access Control (RBAC): Our system uses a granular role-based permission model. As defined in /src/lib/dataAccess/permissions.ts, users are assigned roles like Provider, ProviderAssistant, or TenantAdmin, and our middleware (/src/middleware.ts) strictly enforces which routes and data each role can access.
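The role model and middleware described above can be illustrated with a deny-by-default route authorizer. The following is an added example written for this page, not code from Records Rocket's permissions.ts or middleware.ts: the role names mirror the ones named above (Provider, ProviderAssistant, TenantAdmin), while the route table, request shape, and function names (ROUTE_RULES, canAccess, authorize) are illustrative assumptions. It also shows the tenant-isolation check a multi-tenant middleware needs alongside the role check.

```typescript
// Added example (not Records Rocket's code): deny-by-default role-based route
// authorization in the style of a Next.js-type middleware. Route table, request
// shape and function names are assumptions made for illustration.

type Role = "Provider" | "ProviderAssistant" | "TenantAdmin";
type Method = "GET" | "POST" | "PUT" | "DELETE";

interface RouteRule {
  prefix: string;    // matched against the start of the URL path, on a segment boundary
  methods: Method[]; // HTTP methods this rule grants
  roles: Role[];     // roles allowed to use this rule
}

// Hypothetical permission table. Anything not listed here is denied.
const ROUTE_RULES: RouteRule[] = [
  { prefix: "/api/cases",       methods: ["GET"],                   roles: ["Provider", "ProviderAssistant", "TenantAdmin"] },
  { prefix: "/api/cases",       methods: ["POST", "PUT"],           roles: ["Provider", "TenantAdmin"] },
  { prefix: "/api/cases",       methods: ["DELETE"],                roles: ["TenantAdmin"] },
  { prefix: "/api/documents",   methods: ["GET"],                   roles: ["Provider", "ProviderAssistant", "TenantAdmin"] },
  { prefix: "/api/documents",   methods: ["POST"],                  roles: ["Provider", "TenantAdmin"] },
  { prefix: "/api/admin/users", methods: ["GET", "POST", "DELETE"], roles: ["TenantAdmin"] },
];

interface Session {
  userId: string;
  tenantId: string;
  role: Role;
}

interface IncomingRequest {
  method: Method;
  path: string;             // URL path without query string
  session: Session | null;  // null when no valid session cookie/token was presented
  tenantIdInPath?: string;  // tenant segment parsed from the URL, if the route carries one
}

type Decision =
  | { allow: true }
  | { allow: false; status: 401 | 403; reason: string };

function pathMatches(prefix: string, path: string): boolean {
  // Segment-boundary match so "/api/cases" does not also match "/api/casesX".
  return path === prefix || path.startsWith(prefix + "/");
}

// True only if some rule explicitly grants this role the method on this path.
function canAccess(role: Role, method: Method, path: string): boolean {
  return ROUTE_RULES.some(
    (r) => pathMatches(r.prefix, path) && r.methods.includes(method) && r.roles.includes(role),
  );
}

// Middleware-style decision: authentication first, then tenant isolation, then role.
function authorize(req: IncomingRequest): Decision {
  if (!req.session) {
    return { allow: false, status: 401, reason: "unauthenticated" };
  }
  // A session may only reach resources belonging to its own tenant.
  if (req.tenantIdInPath && req.tenantIdInPath !== req.session.tenantId) {
    return { allow: false, status: 403, reason: "cross-tenant access" };
  }
  if (!canAccess(req.session.role, req.method, req.path)) {
    return {
      allow: false,
      status: 403,
      reason: `role ${req.session.role} may not ${req.method} ${req.path}`,
    };
  }
  return { allow: true };
}
```

The ordering matters: an unauthenticated caller gets 401 before any route lookup, the tenant check runs before the role check so a TenantAdmin of one tenant is never evaluated against another tenant's routes, and any path or method absent from the table is refused rather than silently allowed.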

Infrastructure

  • Secure Cloud Hosting: Records Rocket is hosted on Microsoft Azure, a leading cloud platform with world-class physical and network security that is compliant with a wide range of international and industry-specific standards.
  • Secure Blob Storage: All uploaded documents are stored in Azure Blob Storage, which provides durable, secure, and access-controlled storage for your sensitive files.
  • SAS Token Generation: We use short-lived Shared Access Signature (SAS) tokens to grant temporary, specific access to documents, ensuring that direct links to files cannot be shared or re-used indefinitely.
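To make the short-lived-link idea concrete, here is an added example (not Records Rocket's code and not the Azure SDK) of issuing and verifying a signed, expiring document URL. The token layout, an HMAC-SHA256 over the blob path, permission and expiry, is an illustrative design rather than Azure's actual SAS string-to-sign; the signing key, host name, blob paths and function names (issueDocumentLink, verifyDocumentLink) are constructed assumptions. It shows the properties the bullet above relies on: the link stops working at its expiry, and changing the path, permission or expiry invalidates the signature.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Added example (not Records Rocket's or Azure's code): an HMAC-signed, expiring
// read-only document link. Key, host and paths are constructed for illustration.

const SIGNING_KEY = Buffer.from("constructed-demo-key-not-for-production"); // constructed

interface DocumentGrant {
  blobPath: string;   // e.g. "tenant-a/case-17/intake.pdf"
  permission: "r";    // read-only; shared links never carry write or delete
  expiresAt: number;  // Unix time in seconds
}

// Canonical string covering every field a verifier relies on.
function stringToSign(g: DocumentGrant): string {
  return [g.blobPath, g.permission, String(g.expiresAt)].join("\n");
}

function sign(g: DocumentGrant, key: Buffer): string {
  return createHmac("sha256", key).update(stringToSign(g)).digest("base64url");
}

// Issue a link valid for ttlSeconds (default five minutes) from `now`.
function issueDocumentLink(blobPath: string, now: number, ttlSeconds = 300, key: Buffer = SIGNING_KEY): string {
  const grant: DocumentGrant = { blobPath, permission: "r", expiresAt: now + ttlSeconds };
  const q = new URLSearchParams({
    sp: grant.permission,
    se: String(grant.expiresAt),
    sig: sign(grant, key),
  });
  return `https://storage.example.invalid/${blobPath}?${q.toString()}`;
}

type Verdict = { ok: true; blobPath: string } | { ok: false; reason: string };

// Verify a presented link: rebuild the grant from the URL, reject if expired,
// then compare signatures in constant time.
function verifyDocumentLink(url: string, now: number, key: Buffer = SIGNING_KEY): Verdict {
  const u = new URL(url);
  const blobPath = u.pathname.replace(/^\//, "");
  const sp = u.searchParams.get("sp");
  const se = Number(u.searchParams.get("se"));
  const sig = u.searchParams.get("sig") ?? "";
  if (sp !== "r" || !Number.isInteger(se)) {
    return { ok: false, reason: "malformed token" };
  }
  if (now >= se) {
    return { ok: false, reason: "token expired" };
  }
  const expected = Buffer.from(sign({ blobPath, permission: "r", expiresAt: se }, key));
  const presented = Buffer.from(sig);
  if (expected.length !== presented.length || !timingSafeEqual(expected, presented)) {
    return { ok: false, reason: "bad signature" };
  }
  return { ok: true, blobPath };
}
```

With Azure Blob Storage itself, the equivalent is produced by `generateBlobSASQueryParameters` from the `@azure/storage-blob` package with `BlobSASPermissions.parse("r")` and a near-term `expiresOn`; the verification side is then performed by the storage service rather than by application code. The design choices carry over either way: keep the TTL short, grant only read, scope the token to a single blob, and treat a token that fails verification as an audit event rather than a silent 403.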