Clinify's Security Posture

At Clinify, we're on a mission to transform healthcare with AI-powered solutions. Our flagship product, Clinify Notes, streamlines clinical documentation while prioritizing patient data security and privacy.

We understand the responsibility that comes with handling sensitive information. In this blog post, we'll shed light on our comprehensive approach to security and privacy, ensuring that our clients can trust us with their most valuable asset: their patients' information.

Advanced Authentication Methods

Leveraging the forefront of authentication technology, our platform secures access through FIDO2 Passkeys, a modern alternative to traditional logins, known for its:

1. Enhanced Security: Passkeys use public key cryptography, ensuring credentials are unique and never stored on servers. Passkeys are also immune to phishing attacks compared to other 2FA methods which are still vulnerable.
2. Improved Convenience: Familiar sign in methods like biometrics or PINs on your device are required to use your passkey, providing a seamless user experience.

For enterprise plans, we also offer support for SAML-based single sign-on (SSO) solutions, allowing you to integrate your existing identity provider with Clinify.

Session Management and Control

Clinify provides robust session management tools that give you full control over your account's active sessions. With these tools, you can easily monitor account activity and identify any suspicious sessions.

If you come across any suspicious or unnecessary sessions, you can terminate them with just a single click. This also allows you to securely log out of forgotten sessions on unattended devices, ensuring the security of your account and sensitive information.

Role-Based Access Controls

Our role-based access controls (RBAC) ensure team members only have access to the appropriate doctor accounts in your practice management system (PMS). With RBAC, you can:

1. Easily Invite Team Members: Grant access to the platform and its features with just a few clicks.

2. Assign Roles: Tailor access levels based on each team member's responsibilities. Securely link team members with their respective doctor accounts in your PMS.
3. Revoke Access: Quickly revoke access for team members who no longer require it, keeping your data secure.

Secure and Private Clinic Connections

We securely connect to your clinic with Clinify's Connector software, which establishes a secure tunnel between your clinic's database. (Without ever exposing any ports!)

We then further secure this connection with the following combined measures:

1. Unique Access Credentials: Each connection is authenticated using a unique set of access credentials (Authorization token) that are randomly generated.
2. Digital Signatures (ECDSA): All requests from Clinify to your clinic's database are digitally signed using ECDSA with our private key. Your clinic can then verify the request's origin and integrity using our public key.

Our multi-layered security approach mutually authenticates your clinic with Clinify, ensuring that no one can access your clinic's data even if there was credential leakage. We're paranoid about security, so you don't have to be!

Encryption at Rest and in Transit

All sensitive data is encrypted using AES-256 at rest at multiple levels at rest (application level and database level encryption).

For data in transit we enforce the use of HTTPS/TLS 1.3, ensuring that all data in transit is encrypted, tamper proof, and secure.

Continuous Monitoring and Best Practices

Our team continuously monitors for threats, follows industry best practices, and stays up-to-date with the latest security developments to keep our platform secure and resilient.

Transparent Privacy Practices

We're transparent about our privacy practices. We never store sensitive data longer than necessary, and everything is encrypted. Review our comprehensive privacy policy to understand our commitment to safeguarding your information.

At Clinify, security and privacy are at the core of everything we do. By partnering with us, healthcare providers can confidently revolutionize their practice with AI, knowing their data is in safe hands.