Security & Data Protection

Your patient data is not our data. We just keep it safe.

Healthcare data is the most sensitive personal information that exists. A patient’s diagnoses, medications, reproductive history, and mental health records are not abstract data points. They are intimate facts about real people that can affect careers, relationships, insurance, and lives if mishandled.

Patient data stored in Medisray belongs to the clinic. Not to Medisray, not to any third party, not to an advertiser. You control it. You can export it at any time. You can delete it. That is not a feature. That is a commitment.

Encryption

How your data is protected in storage and in transit

Encryption is the foundation of data security. Medisray applies it at two layers: when data is stored (at rest) and when it moves between your device and our servers (in transit).

At rest: AES-256

All patient data stored in Medisray (records, prescriptions, uploaded documents, billing history) is encrypted using the Advanced Encryption Standard with a 256-bit key (AES-256). This is the same encryption standard used by financial institutions, government agencies, and defence systems worldwide.

What AES-256 means in practice

Even if someone were to obtain the raw files from our storage systems, they would be unreadable without the decryption key. The data is not just access-controlled, it is cryptographically protected at the file level.

In transit: TLS 1.3

Every request between your browser or mobile device and Medisray’s servers is encrypted using Transport Layer Security version 1.3 (TLS 1.3) – the current highest standard for data transmission security.

What TLS 1.3 means in practice: when your receptionist opens a patient record, when a prescription is sent over WhatsApp from Medisray, or when a billing record syncs between your device and the cloud, that data cannot be intercepted and read in transit. Older, weaker protocol versions (TLS 1.0, 1.1) are not supported.

Key management

Encryption keys are managed separately from the data they protect. Keys are rotated on a defined schedule and are never stored alongside the encrypted data. Access to key management infrastructure is restricted to a minimal set of authorised personnel and logged to an immutable audit trail.

Hosting & Data Residency

Where your data lives and why it matters

India-resident data

All patient data processed and stored through Medisray is hosted within India. It does not cross Indian borders unless you explicitly request a data export and transfer it yourself.

This matters for two reasons. First, it keeps your patient data within the jurisdiction of Indian law, specifically the Digital Personal Data Protection (DPDP) Act, 2023 and the IT (SPDI) Rules, 2011. Second, it means that any government or regulatory request for access to your data must be made through Indian legal channels, not through the legal systems of foreign governments.

ISO 27001-certified infrastructure

Medisray is hosted on infrastructure that holds ISO/IEC 27001:2022 certification, the international standard for information security management. ISO 27001 certification is not self-declared. It requires independent audit by an accredited certification body that assesses security controls, risk management processes, access policies, incident response procedures, and physical security of data centre facilities.

What this means for your clinic

You are not trusting Medisray’s word that the servers are secure. You are trusting a process that has been independently audited by a third party against an internationally recognized standard.

Physical security

The data centers hosting Medisray infrastructure operate 24/7 physical security, biometric access controls, CCTV monitoring, redundant power supplies, and fire suppression systems. Medisray staff do not have physical access to data centre hardware; access is managed through our cloud infrastructure provider under a shared responsibility model.

Infrastructure redundancy

Primary hosting runs across multiple availability zones within India. This means that if one physical location experiences an outage (power failure, network disruption, or hardware fault), patient data and clinic operations continue from a secondary location without data loss.

Access Controls

Who can see what and how we enforce it

Role-based access control (RBAC)

Every user in Medisray is assigned a role that determines what they can see and do. The system ships with pre-defined roles designed for typical clinic structures:

  • Doctor / Clinician: full access to their own patients’ records, prescriptions, and clinical notes. Cannot access billing configuration or other doctors’ patient lists without explicit permission.
  • Receptionist / Front Desk: appointment scheduling, patient registration, billing. Cannot access clinical notes, prescription history, or lab reports unless explicitly enabled by the clinic administrator.
  • Clinic Administrator: full access to all clinic data and configuration. Responsible for setting permissions for other roles.
  • Billing Staff: billing records, invoice management, payment tracking. No access to clinical records.
  • Read-Only / Reporting: view access only, no ability to create or modify records. Suitable for owners or managers reviewing practice performance.

Roles are fully customizable by the clinic administrator. If your workflow requires a different permission structure, you can configure it.
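As an added illustration (not Medisray's own code), the following policy check models the deny-by-default roles above: a doctor sees only their own patients unless explicitly granted more, a receptionist sees clinical data only when the administrator enables it, and read-only users can view but never modify. Role names, permission strings and the ownership rule are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Base permissions per role, modelled on the pre-defined roles described above
# (assumed names; a real deployment would load these from configuration).
ROLE_PERMISSIONS = {
    "doctor": {"patient_records", "prescriptions", "clinical_notes"},
    "receptionist": {"appointments", "patient_registration", "billing"},
    "clinic_admin": {"*"},  # full access to all clinic data and configuration
    "billing_staff": {"billing", "invoices", "payments"},
    "read_only": {"*"},     # may view anything, may modify nothing
}


@dataclass
class User:
    name: str
    role: str
    # Extra permissions explicitly granted by the clinic administrator,
    # e.g. "lab_reports" for a receptionist or "other_doctors_patients".
    extra_permissions: set = field(default_factory=set)


@dataclass
class PatientRecord:
    patient_id: str
    attending_doctor: str  # username of the doctor who owns the record


def can_access(user, resource, record=None, write=False):
    """Deny by default; return True only when role, explicit grant and ownership allow it."""
    if user.role == "read_only":
        return not write  # view-only: any write is refused regardless of resource
    perms = ROLE_PERMISSIONS.get(user.role, set())
    if "*" in perms:
        return True
    if resource not in perms and resource not in user.extra_permissions:
        return False
    # Doctors are scoped to their own patients unless explicitly granted wider access.
    if user.role == "doctor" and record is not None:
        if record.attending_doctor != user.name and \
                "other_doctors_patients" not in user.extra_permissions:
            return False
    return True
```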

Multi-factor authentication (MFA)

MFA is available for all Medisray accounts and is strongly recommended for the clinic administrator role and for any user accessing the system from outside the clinic premises. When MFA is enabled, a second verification step is required at login in addition to the password.

Audit logs

Medisray maintains a tamper-resistant audit log of all significant actions taken within the system:

  • Patient record access: every time a patient record is opened, by whom, and at what time
  • Data modifications: who changed what, when, with before/after values preserved
  • Login events: successful logins, failed attempts, MFA challenges
  • Data exports: when and by whom a data export was initiated
  • Permission changes: when a user’s role was modified and by whom
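One common way to make such a log tamper-evident is a hash chain, where each entry commits to the hash of the entry before it, so that editing or deleting an earlier entry breaks verification. This is an added example, not Medisray's implementation; the event names, field layout and sample events are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # hash "before" the first entry


def _digest(entry):
    # Canonical JSON (sorted keys, hash field excluded) so identical content hashes identically.
    raw = json.dumps({k: v for k, v in entry.items() if k != "hash"}, sort_keys=True)
    return hashlib.sha256(raw.encode()).hexdigest()


class AuditLog:
    def __init__(self):
        self.entries = []

    def append(self, event_type, actor, details):
        """Append one event; the entry commits to the previous entry's hash."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "type": event_type, "actor": actor,
                 "details": details, "prev": prev}
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        """Return (True, None) if the chain is intact, else (False, index of first bad entry)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev or _digest(e) != e["hash"]:
                return False, i
            prev = e["hash"]
        return True, None


def demo():
    # Constructed sample events covering the categories listed above.
    log = AuditLog()
    log.append("record_access", "front_desk", {"patient_id": "P-001"})
    log.append("data_modification", "dr_rao",
               {"patient_id": "P-001", "field": "dose", "before": "5mg", "after": "10mg"})
    log.append("data_export", "clinic_admin", {"format": "csv"})
    ok_before = log.verify()[0]
    # Simulate someone retroactively rewriting the preserved "after" value.
    log.entries[1]["details"]["after"] = "5mg"
    return ok_before, log.verify()
```

A chain like this only proves tampering if the latest hash is also kept somewhere the log writer cannot alter (for example periodically signed or copied to separate storage); otherwise an attacker with write access could simply recompute the whole chain.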

Session management

Active sessions time out after a configurable period of inactivity (default: 30 minutes). Session tokens are rotated on each authentication event and invalidated immediately on logout. Concurrent sessions from multiple devices are permitted but logged.

Backup & Recovery

What happens if something goes wrong

Data loss is not an acceptable outcome for a clinic. A patient’s prescription history, visit notes, or billing records cannot be reconstructed from memory. Medisray’s backup architecture is designed so that even in a worst-case infrastructure failure, the most you can ever lose is one day’s data, and even that outcome requires a sequence of failures that our architecture is designed to prevent.

Daily automated backups

Patient data is backed up automatically every 24 hours. Backups are encrypted with the same AES-256 standard as primary data. They are stored in a geographically separate location from the primary database, meaning a failure at the primary data centre does not affect the backup.

Clinic-initiated data export

In addition to automated backups, clinics can initiate a data export at any time from within the Medisray admin dashboard. Exports are delivered as standard CSV files. This is separate from the disaster recovery backup. It is the mechanism by which you take your data with you if you decide to switch platforms.

One secure place for all your health data

Medisray does not sell your data. It does not share it with advertisers. It does not transfer it offshore without your consent. These are product commitments backed by contractual terms, not just a privacy policy paragraph.

Frequently Asked Questions

What encryption does Medisray use for patient data?

All patient data stored in Medisray is encrypted at rest using AES-256, the same standard used in banking and defence systems.

All patient data is stored within India, on ISO 27001-certified infrastructure, and does not cross Indian borders. Data is hosted in Indian data centre regions and is subject to Indian law.

You can export all your patient data at any time from the Medisray admin dashboard: demographic records, visit notes, prescriptions and uploaded documents, in standard CSV format.

Yes. Medisray maintains a detailed audit log of every record access event: who opened the record, at what time, and from which device. The audit log also covers modifications, data exports, login events, and permission changes.

No. Patient data is never sold. It is never shared with advertisers, insurance companies, pharmaceutical companies, or data brokers.