documentation in progress

We won’t publish a security overview until we can back it with evidence.

Most of MediFlow’s security posture lives in code today — organization isolation, server-side role checks, PHI-safe audit metadata, AI minimization gates. The formal overview will be published when each control can point to tests, screenshots, and provider agreements rather than claims.

Request the current stateoffice@kesharon.com · response within 2 business days

trust boundaryv0.read-me

mediflow/
├── client/       ui state · cosmetic only
│   └── never the source of truth
├── functions/    server-authoritative
│   ├── auth         session + org scope
│   ├── rbac         role check before mutation
│   ├── audit        fail-closed before write
│   └── ai           quota · flag · phi-minimize
└── storage/
    ├── phi          org-isolated · server writes
    ├── audit_log    phi-safe · append-only
    └── documents    time-bound urls

Sensitive mutations are authorized at the function layer. The client never sees a permission it can’t prove server-side.

where each control stands

Implemented in code. Verified by request.

Live status of MediFlow’s security controls. Implemented means the control is enforced in code. Verified will appear here when third-party evidence is on file.

Organization isolation
Every subscription maps to an organization workspace. PHI and operational data are scoped to that workspace.
implementedCompliance direction →
Role-based access
Owner, Admin, Clinician, Staff, Billing, Readonly. Checks enforced at the server/function boundary.
implementedRBAC model →
Audit foundations
Clinical, billing, membership, AI, and admin events modeled with actor context and PHI-safe metadata.
implementedAudit foundations →
PHI handling
Server-side mutations only. Fail-closed audit writes block the mutation when audit fails.
in progressby request →
Authentication & sessions
Unique user identities. MFA enforcement is treated as a launch gate, not a post-launch ask.
in progressby request →
AI privacy controls
Server-side execution, feature-flagged, quota-aware, PHI-minimized, human-reviewable outputs.
in progressby request →
Document security
Time-bound document URLs, server-side access checks on upload and read.
documentingby request →
Monitoring & incident response
Runbooks, on-call rotation, retention schedule, breach notification timelines.
plannedby request →
External evidence
BAA, DPA, subprocessor inventory, penetration testing, SOC 2 readiness, network allowlists.
plannedby request →

what we won’t claim yet

This page will not assert completed security certifications, full production hardening, penetration testing, end-to-end encrypted PHI, external audit streaming, network allowlists, or enterprise identity provisioning until those controls are implemented, verified, and contractually supported.

If you need a current readiness statement before launch, ask — we’ll share what’s real today and what is still being built.

Ask for the current readiness statement

We won’t publish a security overview until we can back it with evidence.

Implemented in code. Verified by request.

Organization isolation

Role-based access

Audit foundations

PHI handling

Authentication & sessions

AI privacy controls

Document security

Monitoring & incident response

External evidence

Compliance pages