Security & Data Ownership

Your data belongs to you.

We don't just protect your data — we believe you own it. Green Path Health is built with security by design and patient data sovereignty at its core.

HIPAA Compliance

Full HIPAA compliance with administrative, physical, and technical safeguards. Business Associate Agreements with all infrastructure partners. Regular security audits and risk assessments.

HIPAA | BAA | Risk Assessment

Encryption at Rest & In Transit

All patient data is encrypted at rest using AES-256 encryption. All communications use TLS 1.3. Database connections are encrypted with SSL certificates.

AES-256 | TLS 1.3 | SSL

Access Controls

Role-based access control (RBAC) ensures users only see data relevant to their role. Every access is logged in an immutable audit trail. Multi-factor authentication available for all accounts.

RBAC | Audit Log | MFA

Data Ownership

Your health data is yours — not ours, not AWS's, not anyone else's. You can export your complete medical record at any time. We maintain proprietary ownership controls that ensure your data remains yours even when hosted on cloud infrastructure.

Patient-owned | Export anytime | Portable

Your rights

Patient Data Bill of Rights

Every patient on Leafjourney has these fundamental data rights.

01

Right to access

View all of your health data at any time through the patient portal. Complete chart access including notes, labs, messages, assessments, and care plans.

02

Right to export

Download your complete medical record in standard formats (PDF, CCD/CDA). Print any document directly from the portal.

03

Right to delete

Request deletion of your data at any time. We comply with applicable state and federal data retention requirements, then permanently remove your information.

04

Right to correct

Request corrections to any inaccurate information in your medical record. Your care team will review and update accordingly.

05

Right to restrict

Control who can access your data within the platform. Restrict sharing of specific records, notes, or documents.

06

Right to portability

Transfer your records to another provider seamlessly via HL7 FHIR interoperability standards. Your data moves with you.

Infrastructure

How we keep your data safe

Hosting

Render (US data centers)

Database

PostgreSQL with encrypted connections

Authentication

Bcrypt-hashed passwords, iron-session cookies

API Security

Server-side validation, CSRF protection, rate limiting

Audit Trail

Immutable event log for all sensitive operations

Backups

Daily automated backups with point-in-time recovery

Monitoring

Real-time alerting for suspicious access patterns

Penetration Testing

Annual third-party security assessments

Questions?

Security is a conversation.

If you have questions about how we handle your data, want to request an export, or need to report a security concern — reach out anytime.