Security & Compliance

Security is not a feature.
It's the architecture.

Most platforms encrypt data in transit and call it compliant. LUKE encrypts every sensitive field at rest, chains every action in a tamper-proof audit trail, and isolates every tenant at the database level.

HIPAA Compliant
AES-256 Encryption
Per-Tenant Isolation
Hash-Chained Audit

Field-level AES-256.
Not just TLS in transit.

Every PHI field is encrypted at rest with AES-256. Names, dates of birth, medical records, prescriptions -- each field is individually encrypted before it touches the database.

SHA-256 hash columns enable lookups without decryption. Your application can search for a patient by hashed identifier without ever exposing the plaintext value in a query.

Encryption keys are per-tenant -- a breach in one practice never exposes another's data. Key rotation is handled via MultiFernet with zero downtime: new keys encrypt, old keys still decrypt during the transition window.

AI conversations receive the same protection. Every chat, voice transcript, and WhatsApp message processed by the AI engagement layer is encrypted with the same per-tenant keys and logged in the same audit trail. No separate data store. No reduced security for AI interactions.

patient_record (AES-256)
  id              ptnt_8a4f2c
  full_name       gAAAAABl...xK7mQ==
  dob             gAAAAABl...p3nRw==
  ssn             gAAAAABl...vT8zA==
  name_hash       a7f3c9...e2d1b4
  tenant_id       tn_westside
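The field-level pattern described above (individually encrypted PHI columns, a hash column for lookups, per-tenant keys, MultiFernet rotation, and key deletion as crypto-shredding from the tenant isolation section further down), written out as an added example. This is not LUKE's code: it uses the `cryptography` package's Fernet and MultiFernet classes, and TenantKeyring, index_secret, can_decrypt and every sample value are assumptions made for the illustration. Two design notes: the lookup hash is keyed with a per-tenant secret (HMAC-SHA256) because a plain SHA-256 of a low-entropy field such as a name can be guessed by dictionary; and stock Fernet tokens (the gAAAAA... format shown in the card) are AES-128-CBC with an HMAC-SHA256 tag, so an AES-256 field cipher implies a different construction than MultiFernet alone, although the rotation and lookup pattern is the same either way.

```python
"""Per-tenant field encryption with key rotation and a searchable hash column.

Added example, not LUKE's code. Uses the `cryptography` package's Fernet and
MultiFernet classes. TenantKeyring, index_secret, can_decrypt and all sample
values are assumptions made for this illustration.
"""
from __future__ import annotations

import hashlib
import hmac

from cryptography.fernet import Fernet, InvalidToken, MultiFernet

PHI_FIELDS = ("full_name", "dob", "ssn")
KEYRINGS: dict[str, TenantKeyring] = {}   # tenant_id -> keys (a KMS in production)


class TenantKeyring:
    """Active encryption keys for one tenant, newest first."""

    def __init__(self) -> None:
        self._keys: list[bytes] = [Fernet.generate_key()]
        # Separate secret for the lookup hash (assumed design): a plain SHA-256
        # of a name is guessable by dictionary, a keyed hash is not.
        self.index_secret: bytes = Fernet.generate_key()

    def fernet(self) -> MultiFernet:
        # MultiFernet encrypts with the first key and tries every key on
        # decrypt, which is what makes zero-downtime rotation possible.
        return MultiFernet([Fernet(k) for k in self._keys])

    def rotate(self, rows: list[dict]) -> None:
        """Prepend a fresh key, then re-wrap stored tokens under it."""
        self._keys.insert(0, Fernet.generate_key())
        mf = self.fernet()
        for row in rows:
            for field in PHI_FIELDS:
                row[field] = mf.rotate(row[field])

    def retire_old_keys(self) -> None:
        """End of the transition window: keep only the newest key."""
        self._keys = self._keys[:1]


def keyring_for(tenant_id: str) -> TenantKeyring:
    if tenant_id not in KEYRINGS:
        KEYRINGS[tenant_id] = TenantKeyring()
    return KEYRINGS[tenant_id]


def name_index(tenant_id: str, full_name: str) -> str:
    """Keyed SHA-256 of the normalised name: equality-searchable, not reversible."""
    normalised = " ".join(full_name.lower().split()).encode()
    secret = keyring_for(tenant_id).index_secret
    return hmac.new(secret, normalised, hashlib.sha256).hexdigest()


def encrypt_record(tenant_id: str, plain: dict) -> dict:
    """Encrypt each PHI field individually before it reaches the database."""
    mf = keyring_for(tenant_id).fernet()
    stored = {"id": plain["id"], "tenant_id": tenant_id,
              "name_hash": name_index(tenant_id, plain["full_name"])}
    for field in PHI_FIELDS:
        stored[field] = mf.encrypt(plain[field].encode())
    return stored


def can_decrypt(stored: dict, tenant_id: str) -> bool:
    """True only if tenant_id's keyring still exists and opens every field."""
    keyring = KEYRINGS.get(tenant_id)
    if keyring is None:
        return False  # keys shredded (or never this tenant's): unrecoverable
    try:
        for field in PHI_FIELDS:
            keyring.fernet().decrypt(stored[field])
    except InvalidToken:
        return False  # token was produced under another tenant's keys
    return True


def decrypt_record(stored: dict) -> dict:
    mf = KEYRINGS[stored["tenant_id"]].fernet()  # KeyError once shredded
    out = {"id": stored["id"], "tenant_id": stored["tenant_id"]}
    for field in PHI_FIELDS:
        out[field] = mf.decrypt(stored[field]).decode()
    return out


def find_by_name(rows: list[dict], tenant_id: str, full_name: str) -> list[dict]:
    """Lookup through the hash column; the plaintext name never enters the query."""
    wanted = name_index(tenant_id, full_name)
    return [r for r in rows if r["tenant_id"] == tenant_id and r["name_hash"] == wanted]


def crypto_shred(tenant_id: str) -> None:
    """Offboarding: discarding the keys makes every stored token unreadable."""
    KEYRINGS.pop(tenant_id, None)


if __name__ == "__main__":
    rows = [encrypt_record("tn_westside", {"id": "ptnt_8a4f2c", "full_name": "Jose Martinez",
                                           "dob": "1980-02-14", "ssn": "000-00-0000"})]  # constructed
    print(rows[0]["ssn"][:16], "...")            # a Fernet token, not the SSN
    keyring_for("tn_westside").rotate(rows)
    print(decrypt_record(rows[0])["ssn"])        # still readable after rotation
    crypto_shred("tn_westside")
    print(can_decrypt(rows[0], "tn_westside"))   # False
```

In a real deployment the keyring lives in a KMS or HSM and the hash column is indexed in the database; the in-memory dict here only stands in for that so the lifecycle (encrypt, search, rotate, retire, shred) can be run end to end.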

Every action. Cryptographically chained.

Every event in LUKE is written to an append-only audit log. Each entry contains the SHA-256 hash of the previous entry. If a single record is altered, the chain breaks. Tamper-detectable by design -- not by policy.

9:04:12 AM   Patient record accessed -- Dr. Sarah Chen viewed chart for J. Martinez
             hash: a7f3...c9e2   prev: 0000...0000
9:07:34 AM   Prescription verified -- Lisinopril 10mg approved for J. Martinez
             hash: 3b1d...f8a7   prev: a7f3...c9e2
9:12:01 AM   Order completed -- Prescription fulfillment confirmed, tracking generated
             hash: e5c8...2d4f   prev: 3b1d...f8a7
2:45:18 PM   Data exported -- Compliance report generated for Q4 audit review
             hash: 9f2a...b71e   prev: e5c8...2d4f
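The chaining rule above, as an added example that is not LUKE's code: each entry's digest is SHA-256 over the previous digest plus a canonical serialisation of the entry, the first entry points at an all-zero digest, and verification re-derives every link. The entry fields, the AuditChain class and the four sample events are constructed for the illustration. The example also shows the two failure modes that matter: editing a stored entry breaks its own digest, and editing it while recomputing only that digest still breaks the next entry, which recorded the original value as prev.

```python
"""Append-only audit log where each entry commits to the SHA-256 of the one
before it. Added example, not LUKE's code; the entry fields and the sample
events are constructed to mirror the log above."""
from __future__ import annotations

import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # the first entry's prev hash, shown above as 0000...0000
FIELDS = ("ts", "actor", "action", "detail")


def entry_hash(prev_hash: str, record: dict) -> str:
    # Canonical JSON: key order and whitespace must not change the digest.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


class AuditChain:
    def __init__(self) -> None:
        self.entries: list[dict] = []

    def append(self, ts: str, actor: str, action: str, detail: str) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        record = dict(zip(FIELDS, (ts, actor, action, detail)))
        row = {**record, "prev": prev, "hash": entry_hash(prev, record)}
        self.entries.append(row)
        return row

    def verify(self) -> tuple[bool, Optional[int]]:
        """Re-derive every digest; return (ok, index of the first bad entry)."""
        prev = GENESIS
        for i, row in enumerate(self.entries):
            record = {k: row[k] for k in FIELDS}
            if row["prev"] != prev or row["hash"] != entry_hash(prev, record):
                return False, i
            prev = row["hash"]
        return True, None


def sample_chain() -> AuditChain:
    """The four events from the page, as constructed sample data."""
    chain = AuditChain()
    chain.append("09:04:12", "Dr. Sarah Chen", "record.accessed",
                 "viewed chart for J. Martinez")
    chain.append("09:07:34", "Dr. Sarah Chen", "prescription.verified",
                 "Lisinopril 10mg approved for J. Martinez")
    chain.append("09:12:01", "system", "order.completed",
                 "fulfillment confirmed, tracking generated")
    chain.append("14:45:18", "compliance_officer", "data.exported",
                 "Q4 audit review report")
    return chain


def tampered_chain() -> AuditChain:
    """One stored entry altered after the fact; its own digest no longer matches."""
    chain = sample_chain()
    chain.entries[1]["detail"] = "Lisinopril 40mg approved for J. Martinez"
    return chain


def rehashed_chain() -> AuditChain:
    """Same alteration with the entry's own digest recomputed: the next entry
    still carries the original digest as prev, so the break moves one forward."""
    chain = sample_chain()
    row = chain.entries[1]
    row["detail"] = "Lisinopril 40mg approved for J. Martinez"
    row["hash"] = entry_hash(row["prev"], {k: row[k] for k in FIELDS})
    return chain


if __name__ == "__main__":
    print(sample_chain().verify())     # (True, None)
    print(tampered_chain().verify())   # (False, 1)
    print(rehashed_chain().verify())   # (False, 2)
```

Deleting an entry from the middle is caught the same way, because the entry that followed it still names the missing digest as prev. What a hash chain alone cannot catch is truncation from the tail, so the latest digest should be anchored somewhere the writer cannot modify (a periodically published checkpoint, a write-once store, or a signature over the head).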

Your data lives in a vault.
Not a shared folder.

Tenant isolation is enforced at the database level -- not just in application code. Even if a bug slips through, the database itself prevents cross-tenant data access.

PostgreSQL Row-Level Security
RLS policies automatically filter every query by tenant ID. The database enforces isolation on every SELECT, INSERT, UPDATE, and DELETE -- regardless of what the application code does.
Per-Tenant Encryption Keys
Each practice gets its own encryption key managed through a secure key hierarchy. Compromise of one key has zero impact on any other tenant's data.
Crypto-Shredding
When a tenant offboards, deleting their encryption key renders all their PHI permanently unrecoverable -- no row-by-row deletion needed. Instant, verifiable data destruction.
Tenant-Aware RBAC
Role-based access control operates within tenant boundaries. A practice admin manages their own users and permissions. Platform admins operate in a separate, audited context.
tenant: westside_clinic
  patients         1,247 records
  encryption_key   key_ws_***
  rls_policy       ENFORCED

Row-Level Security

tenant: eastpark_medical
  patients         892 records
  encryption_key   key_ep_***
  rls_policy       ENFORCED

Defense in depth. Every layer.

JWT with MFA (TOTP)
Time-based one-time passwords for every login. 15-minute session timeouts enforce HIPAA-compliant access windows. No session lingers longer than it should.
Role-Based Access Control
Patient, physician, support, and admin roles with granular permissions. Each role sees only what it needs. Privilege escalation is logged and flagged.
Breached Password Detection
HIBP k-anonymity checks every password against known breaches without exposing the password itself. Compromised credentials are blocked before they are ever set.
Refresh Token Rotation
Every token refresh issues a new token and invalidates the old one. If a stolen token is reused, automatic revocation kicks in and the session is terminated.
Rate Limiting
Per-IP and per-user throttling prevents brute force attacks and credential stuffing. Limits are tuned per endpoint -- login attempts are more aggressively throttled than read operations.
Session Management
HIPAA-compliant session timeouts with forced re-authentication after inactivity. Concurrent session limits prevent credential sharing across devices.
Audited Impersonation
Support staff can view patient accounts in read-only mode with full audit trail logging. Every impersonation session records the actor, reason, and duration -- meeting HIPAA minimum-necessary requirements.
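The Refresh Token Rotation item above describes a specific mechanism: every refresh retires the presented token, and a second presentation of a retired token is treated as evidence of theft. The added example below, which is not LUKE's code, implements that with the usual "token family" approach: every token descended from one login shares a family id, and a replay revokes the whole family, since at that moment the server cannot tell whether the legitimate client or the holder of a copy is the one replaying. RefreshTokenStore, the 15-minute lifetime, the in-memory dict and the fixed clock in the scenario are assumptions.

```python
"""Refresh-token rotation with reuse detection. Added example, not LUKE's
code. Every token descended from one login shares a 'family' id; presenting
an already-rotated token revokes the whole family. The in-memory store and
the token lifetime are assumptions."""
from __future__ import annotations

import secrets
import time
from typing import Optional


class RefreshTokenStore:
    def __init__(self, ttl_seconds: int = 15 * 60) -> None:
        self.ttl = ttl_seconds
        self.tokens: dict[str, dict] = {}        # token -> metadata
        self.revoked_families: set[str] = set()
        self.alerts: list[str] = []

    def login(self, user: str, now: Optional[float] = None) -> str:
        """A fresh login starts a new family."""
        return self._issue(user, secrets.token_hex(8), now)

    def _issue(self, user: str, family: str, now: Optional[float]) -> str:
        token = secrets.token_urlsafe(32)
        issued = now if now is not None else time.time()
        self.tokens[token] = {"user": user, "family": family, "used": False,
                              "expires": issued + self.ttl}
        return token

    def refresh(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return a new token and retire the presented one, or None if rejected."""
        now = now if now is not None else time.time()
        meta = self.tokens.get(token)
        if meta is None or meta["family"] in self.revoked_families or meta["expires"] < now:
            return None
        if meta["used"]:
            # This token was already exchanged once. Either the legitimate
            # client or whoever copied the token is replaying it; the server
            # cannot tell which, so the whole family is revoked and the user
            # has to authenticate again.
            self.revoke_family(meta["family"], "refresh token reuse detected")
            return None
        meta["used"] = True
        return self._issue(meta["user"], meta["family"], now)

    def revoke_family(self, family: str, reason: str) -> None:
        self.revoked_families.add(family)
        self.alerts.append(f"family {family} revoked: {reason}")

    def is_valid(self, token: str, now: Optional[float] = None) -> bool:
        now = now if now is not None else time.time()
        meta = self.tokens.get(token)
        return (meta is not None and not meta["used"]
                and meta["family"] not in self.revoked_families
                and meta["expires"] >= now)


def replay_scenario() -> dict:
    """A token is copied, the real client rotates it, then the copy is replayed."""
    store = RefreshTokenStore()
    t0 = 1_700_000_000.0                           # fixed clock (constructed)
    first = store.login("dr_chen", now=t0)
    second = store.refresh(first, now=t0 + 60)     # legitimate rotation
    replay = store.refresh(first, now=t0 + 120)    # stale copy presented again
    after = store.refresh(second, now=t0 + 180)    # honest client is locked out too
    return {"second_issued": second is not None, "replay_rejected": replay is None,
            "family_revoked": after is None, "alerts": len(store.alerts)}


if __name__ == "__main__":
    print(replay_scenario())
```

The cost of this design is deliberate: a legitimate client that retries a refresh after a dropped response will also trip the detector and be signed out. That is the right trade for a PHI system, and the alert it raises is exactly the signal the monitoring section further down wants to see.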

Anomalies detected in real time.
Not discovered in an audit.

LUKE continuously monitors access patterns across every tenant. When behavior deviates from normal baselines, the system flags it immediately -- before a breach becomes a breach.

Bulk PHI Access
Unusual volume of patient records accessed in a short window triggers an immediate alert. Whether it's a compromised credential or an insider threat, bulk extraction patterns are flagged before data leaves the system.
After-Hours Activity
Access outside normal business hours is logged and scored against historical patterns. A provider checking one chart at 9 PM is routine. The same account querying 200 records at 3 AM is not.
Failed Authentication Spikes
Sudden spikes in failed login attempts are detected as potential brute force attacks. The system escalates from rate limiting to temporary lockout to admin notification -- automatically, within seconds.
Unauthorized Access Attempts
Role-based access violations are caught in real time. When a user attempts to access resources outside their permission scope -- viewing another provider's patients, accessing admin endpoints -- the attempt is blocked and logged with full context.
HHS Breach Notification Tracking
For reportable breaches affecting 500+ individuals, LUKE automatically generates the documentation required for HHS Office for Civil Rights notification -- including affected record counts, breach timeline reconstruction, and remediation steps. Smaller breaches are tracked in the annual breach log with full audit context.
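The Bulk PHI Access and After-Hours Activity detections above, as an added example run over constructed audit events. This is not LUKE's detection code: the thresholds (50 distinct patients in a 10-minute window; after-hours volume more than five times the account's own baseline and at least ten reads), the 07:00 to 19:59 business hours, the user names and the events are all assumptions. The sample data mirrors the page's own contrast: one chart checked at 9 PM, against 200 records pulled at 3 AM.

```python
"""Two of the detections described above, run over constructed audit events.
Added example, not LUKE's code; thresholds, business hours, user names and
the events themselves are assumptions."""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta

BULK_THRESHOLD = 50                 # distinct patients per user per window (assumed)
BULK_WINDOW = timedelta(minutes=10)
BUSINESS_HOURS = range(7, 20)       # 07:00-19:59 in the tenant's local time (assumed)


def max_distinct_in_window(reads: list[dict], window: timedelta) -> tuple[int, datetime]:
    """Largest number of distinct patients one user touched inside any window."""
    reads = sorted(reads, key=lambda e: e["ts"])
    best, best_at, start = 0, reads[0]["ts"], 0
    for end, e in enumerate(reads):
        while e["ts"] - reads[start]["ts"] > window:
            start += 1
        distinct = len({x["patient"] for x in reads[start:end + 1]})
        if distinct > best:
            best, best_at = distinct, e["ts"]
    return best, best_at


def detect_bulk_access(events: list[dict], threshold: int = BULK_THRESHOLD,
                       window: timedelta = BULK_WINDOW) -> list[dict]:
    """One alert per user whose PHI reads exceed the threshold inside the window."""
    by_user: dict[str, list[dict]] = defaultdict(list)
    for e in events:
        if e["action"] == "phi.read":
            by_user[e["user"]].append(e)
    alerts = []
    for user, reads in by_user.items():
        count, at = max_distinct_in_window(reads, window)
        if count >= threshold:
            alerts.append({"type": "bulk_phi_access", "user": user,
                           "patients": count, "at": at})
    return alerts


def after_hours_counts(events: list[dict]) -> dict[str, int]:
    """PHI reads per user whose timestamp falls outside business hours."""
    counts: dict[str, int] = defaultdict(int)
    for e in events:
        if e["action"] == "phi.read" and e["ts"].hour not in BUSINESS_HOURS:
            counts[e["user"]] += 1
    return dict(counts)


def detect_after_hours(events: list[dict], baseline: dict[str, int],
                       multiplier: int = 5, minimum: int = 10) -> list[dict]:
    """Flag after-hours volume well above the account's own history.
    baseline: typical after-hours reads per day for each user (assumed input)."""
    alerts = []
    for user, count in after_hours_counts(events).items():
        if count > max(minimum, multiplier * baseline.get(user, 0)):
            alerts.append({"type": "after_hours_volume", "user": user, "reads": count})
    return alerts


def sample_events() -> list[dict]:
    """Constructed: one routine evening chart check and one 3 AM bulk pull."""
    day = datetime(2024, 1, 15)
    events = [{"ts": day.replace(hour=21, minute=3), "user": "dr_chen",
               "action": "phi.read", "patient": "ptnt_8a4f2c"}]
    for i in range(200):
        events.append({"ts": day.replace(hour=3) + timedelta(seconds=1.5 * i),
                       "user": "svc_reporting", "action": "phi.read",
                       "patient": f"ptnt_{i:04d}"})
    return events


if __name__ == "__main__":
    ev = sample_events()
    print(detect_bulk_access(ev))                   # only svc_reporting, 200 patients
    print(detect_after_hours(ev, {"dr_chen": 1}))   # only svc_reporting, 200 reads
```

Both detectors read the same events the audit chain already records, which is the point of putting them in one pipeline: an alert can cite the exact chained entries behind it, and the baseline used for the after-hours score is itself derived from verified history rather than a separate, editable store.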

HIPAA today. SOC 2 tomorrow.

We built LUKE to exceed HIPAA requirements from day one -- not bolt compliance on after the fact. That foundation makes every future certification faster to achieve.

Current
  • HIPAA-grade infrastructure -- encryption, access controls, audit trails, and breach notification procedures built into the platform core
  • Signed BAA with every customer -- Business Associate Agreement executed before any PHI is processed
  • 7 compliance API endpoints -- audit chain verification, PHI access reporting, patient data export and deletion (admin + self-service), and breach notification with HHS OCR guidance
  • GDPR-style data rights -- full data export and deletion on request, with anonymization cascading across every related record
  • 58 security findings remediated -- comprehensive security audit covering authentication, encryption, race conditions, injection prevention, and infrastructure hardening -- all addressed before launch
  • 272 automated tests -- including dedicated security, encryption, and concurrency suites that run on every deployment
  • Multi-state provider licensing -- built-in support for practices operating across state lines, with per-state credential verification, license expiration tracking, and scope-of-practice enforcement baked into the provider management layer
Roadmap
  • SOC 2 Type II certification -- builds directly on existing HIPAA infrastructure, covering security, availability, and confidentiality trust principles
  • HITRUST CSF assessment -- the gold standard for healthcare information security, unifying HIPAA, NIST, and ISO 27001 requirements
  • Regular penetration testing -- third-party security assessments with published remediation timelines and transparent reporting

One BAA. Not five.

With LUKE, you sign one Business Associate Agreement that covers clinical data, commerce transactions, CRM records, and communications. No more juggling compliance across multiple vendors.

Clinical Data · Commerce · CRM Records · Communications

Your patients' data deserves better.

Book your free consultation