Tenant isolation, enforced in the database
Every tenant-owned record carries an organization ID, and PostgreSQL row-level security policies — not application code — decide what any session can read or write. Cross-tenant access is structurally impossible through the API surface, and we test isolation with adversarial fixtures.
HIPAA-ready posture with BAAs across the stack
PracticeHub operates as a business associate to the practices it serves. Business associate agreements are in place with our infrastructure vendors — including our database/auth provider, hosting, telephony, and voice AI vendors — before any PHI-bearing workload is enabled for a practice.
Append-only audit trail
Schedule changes, ticket actions, communications, configuration changes, and every AI tool call write immutable audit events with actor, action, and time. Audit rows cannot be edited or deleted through the application.
Human-in-the-loop AI governance
AI agents act only through narrow, individually-permissioned server-side tools — never raw database access. High-risk actions (clinical decisions, refill approvals, claim submission) always require human review. When an agent is unsure, it escalates to a human queue instead of improvising.
Least-privilege keys and PHI-safe logging
Service credentials never ship to browsers. Public clients use publishable keys constrained by row-level security. Application logs are designed to exclude message bodies, patient identifiers, tokens, and credentials.
Deterministic where it matters
Scheduling, permissions, task routing, and messaging compliance (STOP/START/HELP) are deterministic systems with tests — AI can explain and assist, but it cannot silently override the rules.