Security
PHI protection isn’t a checkbox.
LABDATA 360° was designed for protected health information from its first line of code. Multi-factor authentication, audit logging, encryption, and role-based access are enforced at the database, not just in the UI.
HIPAA-aligned controls
Built from the first commit to handle protected health information. Administrative, physical, and technical safeguards mapped to the HIPAA Security Rule.
MFA / AAL2 enforcement
Multi-factor authentication is required for password sign-in and enforced at the database layer via AAL2 row-level security on every PHI table — not just at the UI.
Encryption in transit & at rest
TLS 1.2+ everywhere. AES-256 at rest for the database, file storage, and HL7 message blobs. Keys managed by the cloud provider.
Complete audit trail
Every PHI read and write is logged with user, organization, time, and target record. Audit data is retained for the regulatory window and exportable.
Role-based access groups
Lab employees, organization administrators, and clinical/billing users see only what their role and access groups allow. Hierarchy-based access for sales and collection management.
Locked-once-transmitted
Once an order has been transmitted to your LIS, it is locked from edits — protecting the integrity of the message you actually sent. Corrections flow through a controlled unlock-and-edit path.
Want to see the security documentation?
Our security overview, BAA template, and HIPAA control mapping are shared during the qualification call. Request access and we’ll include them with your demo invitation.
See LABDATA 360° on a real workflow.
Tell us a little about your laboratory and we’ll provision a guided demo. No credit card, no contract — just a 30-minute working session with our team.