Built for your trade
Records a small polyclinic can defend.
Versioned clinical intakes, signed records sealed for legal review, role-based access and an immutable audit trail — on encryption strong enough that GDPR erasure means the data is genuinely gone.
What you get
Clinical-grade by design
The integrity, access control and data protection a medical-adjacent practice is held to.
Patient PII is encrypted with AES-256-GCM under a tiered key hierarchy. Erasure destroys the key — the medical records, notes and photos become permanently unreadable, while the row and audit trail survive as the legal artifact.
Patients sign intakes and consents with a typed-name affirmation captured under eIDAS as a simple electronic signature, with IP, user agent, session identifier and locale recorded server-side for a defensible signing record.
Each signed record is sealed in a canonical envelope with HMAC-SHA256. A malicious edit to any field invalidates the recomputed seal — every record is independently re-verifiable, with a PDF forensic receipt for legal review.
Author intake questionnaires under a Draft → Published → Archived lifecycle with a configurable refill cadence of 1–60 months or perpetual. Re-filling supersedes the prior response and resets the cadence clock automatically.
Published consents can gate an appointment until they're signed, with PDF forensic receipts and a one-time, revocable magic link to nudge the patient to the right form. The booking simply won't confirm until the paperwork is done.
Granular roles for admins, location foremen and workers, with read-only clinical history by design for staff. Every sensitive access and change writes an append-only row to the per-tenant audit log.
Hold your records to a clinical standard
Publish your clinical forms, set your access roles, and start capturing signed, sealed records. No card required.