Designed for Patient Data Responsibility
Healthcare data is sensitive by nature. ArogyaX is built with that responsibility at its core — not through checkbox compliance, but through deliberate architectural decisions.
Security is Architecture, Not an Add-On
Many platforms treat security as a compliance layer — something applied after the product is built. ArogyaX takes a different approach: data governance decisions shape how the platform is designed from the ground up.
Every access to patient data requires a valid session, a verified role, and — where applicable — explicit patient consent. There is no "god mode" account that can view all patient records across all tenants.
This isn't just a technical choice. It reflects how we believe healthcare infrastructure should behave.
Consent-gated access · OTP verification
JWT-based sessions · expiry controls · device binding
RBAC · doctor / admin / staff roles
Full data isolation · no cross-tenant queries
Encrypted at rest and in transit · cloud-native
Six Practices That Define How ArogyaX Handles Data
Consent-Based Data Access
No patient data is accessed without an active, system-recorded consent event. Whether through OTP verification or explicit digital consent, every record access is traceable to a user action.
This is relevant for institutions operating under data protection regulations — ArogyaX generates and stores consent records that can be produced for audit purposes.
Comprehensive Audit Logs
Every significant action in the system generates an immutable audit log entry. Who accessed what, when, from which session, and with what outcome — all captured automatically.
Logs are accessible to institution admins for their own tenant data. They cannot be modified or deleted by any user, including administrators.
Tenant Isolation
ArogyaX serves multiple institutions on the same infrastructure, but each institution's data is logically isolated. Hospital A cannot query or observe Hospital B's patient records under any condition.
Tenant boundaries are enforced at the database query level rather than left to individual application code paths: every query is scoped to the caller's tenant, so a filter that is forgotten in application code cannot widen a result set to another institution's records.
Role-Based Access Control
ArogyaX supports distinct roles: patient, receptionist, doctor, department admin, and organisation admin. Each role has precisely defined permissions and cannot escalate without administrator action.
A receptionist can register a patient but cannot view prescriptions, so no role can exercise permissions above its own (vertical escalation). A doctor can access only their assigned consultation records, so no user can reach records that belong to a peer in the same role (horizontal misuse).
Guest Session Control
When guest mode is enabled, sessions are ephemeral: they exist for the duration of the consultation and the output generated immediately afterwards (the prescription PDF), and once that is done they are not associated with any persistent identity.
Aggregate usage data is retained for institutional reporting, but individual session data is not linked to identifiable personal information in guest mode.
Secure Prescription Access
Prescription PDFs are generated and stored with access-controlled URLs. Each prescription link is tied to the originating session or patient record — it cannot be shared as an open public link.
Links expire after a configured duration. Doctors and administrators can regenerate access for a patient, but this action is logged. Prescriptions are never emailed as unprotected attachments by default.
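One way to build links with the properties described above, as an added example rather than ArogyaX's own code: each link carries an HMAC-signed token naming the prescription, the session or patient it was issued to, and an absolute expiry. The token format, field names, placeholder host and the 15-minute lifetime are assumptions; the page only states that links are access-controlled, tied to the originating session or record, and expire.

```python
"""Expiring, session-bound prescription links via an HMAC-signed token.

Added illustration for the prescription-access section; not ArogyaX code.
The signed-token format, the claim names and the placeholder host are
assumptions made here.
"""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed server-side signing key. In a deployment it lives in a KMS or
# secret manager, never alongside the stored PDFs.
SIGNING_KEY = secrets.token_bytes(32)
BASE_URL = "https://rx.example.invalid"  # placeholder host


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_link(rx_id: str, principal: str, ttl_seconds: int, now: int, key: bytes = SIGNING_KEY) -> str:
    """Build a link whose token names the prescription, the session/patient it was
    issued to, and an absolute expiry; the HMAC covers all three claims."""
    claims = {"rx": rx_id, "sub": principal, "exp": now + ttl_seconds}
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{BASE_URL}/rx/{rx_id}?t={_b64(payload)}.{_b64(tag)}"


def verify_token(token: str, principal: str, now: int, key: bytes = SIGNING_KEY) -> tuple[Optional[str], str]:
    """Return (rx_id, "ok") or (None, reason). The signature is checked before any
    claim is read, so unsigned or altered payloads are never interpreted."""
    try:
        p64, t64 = token.split(".")
        payload, tag = _unb64(p64), _unb64(t64)
    except (ValueError, binascii.Error):
        return None, "malformed"
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None, "bad signature"
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return None, "expired"
    if claims["sub"] != principal:
        return None, "wrong principal"  # presented outside the session it was issued to
    return claims["rx"], "ok"


def resolve(url: str, principal: str, now: int, key: bytes = SIGNING_KEY) -> tuple[Optional[str], str]:
    """Server-side handler: verify the token and require that it was minted for the
    prescription named in the path, so a valid token cannot be replayed against another PDF."""
    parts = urlparse(url)
    token = parse_qs(parts.query).get("t", [""])[0]
    rx_id, reason = verify_token(token, principal, now, key)
    if rx_id is None:
        return None, reason
    if parts.path != f"/rx/{rx_id}":
        return None, "path mismatch"
    return rx_id, "ok"


def demo() -> dict:
    """Constructed walk-through: one valid link plus the ways a link is refused."""
    now = 1_744_449_405  # constructed issue time, seconds since the epoch
    link = mint_link("rx_cns_a7b2c3", "cns_a7b2c3", 900, now)  # 15-minute link
    other = mint_link("rx_other", "cns_a7b2c3", 900, now)
    token = parse_qs(urlparse(link).query)["t"][0]
    # Payload of one token spliced onto the tag of another: the HMAC no longer matches.
    spliced = parse_qs(urlparse(other).query)["t"][0].split(".")[0] + "." + token.split(".")[1]
    return {
        "valid": resolve(link, "cns_a7b2c3", now + 60),
        "expired": resolve(link, "cns_a7b2c3", now + 900),
        "other_session": resolve(link, "cns_other", now + 60),
        "spliced": resolve(f"{BASE_URL}/rx/rx_other?t={spliced}", "cns_a7b2c3", now + 60),
        "replayed_path": resolve(f"{BASE_URL}/rx/rx_other?t={token}", "cns_a7b2c3", now + 60),
        "garbage": resolve(f"{BASE_URL}/rx/rx_cns_a7b2c3?t=garbage", "cns_a7b2c3", now + 60),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:14} -> {outcome}")
```

The denial reason is returned so the server can write it to the audit log; the HTTP response to the caller should stay uniform so a link holder learns nothing about why it was refused. Regenerating access for a patient is simply minting a new link with a fresh expiry, which the page notes is itself a logged action.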
Every Action, Traceable and Timestamped
The audit log is always on. Institution admins can filter, export, and review logs within their tenant dashboard at any time.
| Timestamp | Actor | Role | Action | Resource | Status |
|---|---|---|---|---|---|
| 2025-04-12 09:14:02 | dr.sharma@hospital.in | Doctor | VIEW_CONSULTATION | cns_a7b2c3 | Authorised |
| 2025-04-12 09:16:45 | dr.sharma@hospital.in | Doctor | GENERATE_PRESCRIPTION | cns_a7b2c3 | Authorised |
| 2025-04-12 09:18:10 | reception_01 | Receptionist | REGISTER_PATIENT | pt_new_8810 | Authorised |
| 2025-04-12 09:22:33 | reception_01 | Receptionist | VIEW_PRESCRIPTION | rx_cns_a7b2c3 | Denied — Insufficient Role |
| 2025-04-12 09:45:00 | admin@hospital.in | Org Admin | EXPORT_AUDIT_LOG | tenant_logs_2025-04 | Authorised |
Sample log entries for illustration. Actual log format and fields are configurable per institution.
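The following is an added example, not ArogyaX code, showing how the session, tenant, role and consent checks from the sections above combine into one decision that always produces an audit row, and how the sample table's outcomes fall out of it. Actor names, roles, actions and resource ids are taken from the table; the permission matrix, the stored records, the consent events, the doctor-assignment data and the cross-tenant probe are constructed assumptions.

```python
"""Session, role, tenant and consent checks with an audit row for every outcome.

Added illustration for the RBAC and audit-log sections; not ArogyaX code.
The permission matrix, records, consent events and assignments are assumed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed permission matrix, built from the page's examples: a receptionist may
# register patients but may not view prescriptions; only doctors read and write
# consultations; only an organisation admin exports the audit log.
PERMISSIONS = {
    "REGISTER_PATIENT": {"receptionist", "department_admin", "org_admin"},
    "VIEW_CONSULTATION": {"doctor"},
    "GENERATE_PRESCRIPTION": {"doctor"},
    "VIEW_PRESCRIPTION": {"doctor", "patient"},
    "EXPORT_AUDIT_LOG": {"org_admin"},
}
# Actions that touch patient data and therefore need a consent event on record.
CONSENT_REQUIRED = {"VIEW_CONSULTATION", "GENERATE_PRESCRIPTION", "VIEW_PRESCRIPTION"}

@dataclass(frozen=True)
class Session:
    actor: str
    role: str
    tenant: str
    expires_at: datetime

@dataclass(frozen=True)
class Record:
    rid: str
    tenant: str
    patient: Optional[str] = None          # None for non-patient resources such as a log export
    assigned_doctor: Optional[str] = None  # doctor the consultation belongs to

# Constructed store holding two hospitals' records side by side.
RECORDS = {
    "cns_a7b2c3": Record("cns_a7b2c3", "hospital_a", "pt_4411", "dr.sharma@hospital.in"),
    "rx_cns_a7b2c3": Record("rx_cns_a7b2c3", "hospital_a", "pt_4411", "dr.sharma@hospital.in"),
    "tenant_logs_2025-04": Record("tenant_logs_2025-04", "hospital_a"),
    "cns_z9y8x7": Record("cns_z9y8x7", "hospital_b", "pt_7001", "dr.rao@hospital-b.example"),
}
# Constructed consent events: (tenant, patient) pairs with an active consent recorded.
CONSENTS = {("hospital_a", "pt_4411")}

def fetch(tenant: str, rid: str) -> Optional[Record]:
    """Tenant-scoped lookup: the tenant is part of the query itself, so another
    institution's record is simply not found rather than fetched and then hidden."""
    rec = RECORDS.get(rid)
    return rec if rec is not None and rec.tenant == tenant else None

def decide(session: Session, action: str, rid: str, now: datetime) -> tuple[bool, str]:
    """Return (authorised, reason); the reason becomes the audit row's status."""
    if now >= session.expires_at:
        return False, "Session expired"
    if session.role not in PERMISSIONS.get(action, set()):
        return False, "Insufficient Role"
    if action == "REGISTER_PATIENT":
        return True, "Authorised"  # creates a record inside the caller's own tenant
    rec = fetch(session.tenant, rid)
    if rec is None:
        return False, "Not found"
    if session.role == "doctor" and rec.assigned_doctor != session.actor:
        return False, "Not assigned"  # horizontal control: a peer's consultations stay closed
    if action in CONSENT_REQUIRED and (rec.tenant, rec.patient) not in CONSENTS:
        return False, "No consent on record"
    return True, "Authorised"

def authorise(session: Session, action: str, rid: str, now: datetime, log: list) -> bool:
    """Evaluate the request and append an audit row whether it was allowed or denied."""
    ok, reason = decide(session, action, rid, now)
    log.append({
        "timestamp": now.isoformat(timespec="seconds"), "actor": session.actor,
        "role": session.role, "action": action, "resource": rid,
        "status": "Authorised" if ok else f"Denied: {reason}",
    })
    return ok

def replay_sample_table() -> list:
    """Re-run the requests in the page's sample table plus one cross-tenant probe."""
    t0 = datetime(2025, 4, 12, 9, 0, tzinfo=timezone.utc)
    exp = t0 + timedelta(hours=8)
    doctor = Session("dr.sharma@hospital.in", "doctor", "hospital_a", exp)
    reception = Session("reception_01", "receptionist", "hospital_a", exp)
    admin = Session("admin@hospital.in", "org_admin", "hospital_a", exp)
    requests = [
        (doctor, "VIEW_CONSULTATION", "cns_a7b2c3", t0 + timedelta(minutes=14, seconds=2)),
        (doctor, "GENERATE_PRESCRIPTION", "cns_a7b2c3", t0 + timedelta(minutes=16, seconds=45)),
        (reception, "REGISTER_PATIENT", "pt_new_8810", t0 + timedelta(minutes=18, seconds=10)),
        (reception, "VIEW_PRESCRIPTION", "rx_cns_a7b2c3", t0 + timedelta(minutes=22, seconds=33)),
        (admin, "EXPORT_AUDIT_LOG", "tenant_logs_2025-04", t0 + timedelta(minutes=45)),
        (doctor, "VIEW_CONSULTATION", "cns_z9y8x7", t0 + timedelta(minutes=50)),  # Hospital B's record
    ]
    log: list = []
    for session, action, rid, now in requests:
        authorise(session, action, rid, now, log)
    return log

if __name__ == "__main__":
    for row in replay_sample_table():
        print(row)
```

Two details matter in practice: the audit row is written on the denied path as well as the allowed one, which is what makes the receptionist's refused VIEW_PRESCRIPTION visible to the institution admin, and the cross-tenant probe is reported as "Not found" rather than "Denied", because a tenant-scoped query never confirms that another institution's record exists.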
How Patient Data is Stored and Transmitted
Encryption in Transit
All communication between the patient interface, the ArogyaX platform, and the doctor console uses TLS 1.2 or higher. No unencrypted data traverses the network at any point in the workflow.
Encryption at Rest
Patient records, consultation logs, and prescription documents are stored with AES-256 encryption. Encryption keys are managed separately from the data store.
Data Residency
By default, all data is stored within India on cloud infrastructure that complies with domestic data residency requirements. Regional data residency options are available for enterprise deployments.
Have Security or Compliance Questions?
We're happy to share detailed technical documentation, answer specific compliance questions, or conduct a security architecture review with your IT or legal team.