This page is maintained by My Health Passport. It describes controls that are enabled today. It is not a certification and is not a substitute for a formal audit report.
All requests are served over HTTPS/TLS. HSTS is enforced on our published domains. No PHI is placed in URLs.
Sign-in is by email/password or Google OAuth. Sessions have a configurable inactivity timeout, sensitive actions (Export, Tap-to-share, Account deletion) require re-authentication, and each account carries an MFA-required flag.
Row-level security is enabled on every table storing patient data. Roles (patient / practitioner / manufacturer / admin) are stored in a dedicated user_roles table and checked via a has_role() security-definer function.
Data is encrypted at rest by our hosting platform. The most sensitive PHI fields (date of birth, diagnoses, free-text notes) are additionally encrypted at the application layer using AES-256-GCM with a server-side key.
A unified phi_access_log records every read, write, export, share, and handoff action, including actor role, subject, method, IP and user-agent. Admins can review the log and investigate detected anomalies.
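The following is an added example, not My Health Passport's own schema or code. It illustrates the two controls described above: a dedicated user_roles table whose membership is checked from RLS policies through a SECURITY DEFINER has_role() function, and a phi_access_log filled from inside the database with actor, role, subject, method, IP and user-agent. Everything concrete here is an assumption for illustration: Postgres with an auth.uid() function and an "authenticated" role as in Supabase, request metadata exposed to SQL as JSON via current_setting('request.headers'), and all table and column names.

```sql
-- Added example; table and function names are illustrative, not the project's.
-- Assumes a Supabase-style Postgres: auth.uid() returns the caller's user id,
-- API users connect as the "authenticated" role, and the gateway exposes the
-- request headers as JSON through current_setting('request.headers').

create type app_role as enum ('patient', 'practitioner', 'manufacturer', 'admin');

-- Roles live in their own table, never in a profile row the user can edit.
create table user_roles (
  user_id uuid     not null,
  role    app_role not null,
  primary key (user_id, role)
);
alter table user_roles enable row level security;
-- No policies: regular users can neither read nor change role assignments.

-- SECURITY DEFINER runs as the function owner (the table owner, who is not
-- subject to RLS on user_roles), so a policy can call it without recursing
-- into an RLS-protected query on user_roles. search_path is pinned.
create or replace function has_role(_user_id uuid, _role app_role)
returns boolean
language sql stable security definer
set search_path = public
as $$
  select exists (select 1 from user_roles
                 where user_id = _user_id and role = _role);
$$;
revoke execute on function has_role(uuid, app_role) from public;
grant  execute on function has_role(uuid, app_role) to authenticated;

create table patient_records (
  id         uuid primary key default gen_random_uuid(),
  patient_id uuid not null,
  dob_ct     bytea,                 -- application-layer ciphertext, opaque here
  notes_ct   bytea
);
alter table patient_records enable row level security;

create policy patient_reads_own on patient_records
  for select to authenticated using (patient_id = auth.uid());

create policy admin_reads_all on patient_records
  for select to authenticated using (has_role(auth.uid(), 'admin'));

-- Unified access log: one row per read / write / export / share / handoff.
create table phi_access_log (
  id          bigint generated always as identity primary key,
  occurred_at timestamptz not null default now(),
  actor_id    uuid,
  actor_role  text,
  subject_id  uuid,                 -- patient whose PHI was touched
  action      text not null,
  method      text,
  ip          inet,
  user_agent  text
);
alter table phi_access_log enable row level security;
-- Only admins read it. With no insert/update/delete policies the API cannot
-- rewrite history; rows enter only through the definer function below.
create policy admin_reads_log on phi_access_log
  for select to authenticated using (has_role(auth.uid(), 'admin'));

-- Called by the API for reads/exports/shares and by the trigger for writes.
create or replace function log_phi_access(_action text, _subject uuid, _method text)
returns void
language plpgsql security definer
set search_path = public
as $$
declare
  hdrs jsonb := coalesce(nullif(current_setting('request.headers', true), ''), '{}')::jsonb;
begin
  insert into phi_access_log (actor_id, actor_role, subject_id, action, method, ip, user_agent)
  values (
    auth.uid(),
    -- first role in enum order if the actor holds several
    (select role::text from user_roles where user_id = auth.uid() order by role limit 1),
    _subject, _action, _method,
    nullif(trim(split_part(hdrs ->> 'x-forwarded-for', ',', 1)), '')::inet,
    hdrs ->> 'user-agent'
  );
end;
$$;
grant execute on function log_phi_access(text, uuid, text) to authenticated;

-- Writes are captured in the database itself, so no API path can skip them.
create or replace function audit_patient_record_write()
returns trigger
language plpgsql security definer
set search_path = public
as $$
begin
  perform log_phi_access('write',
    case tg_op when 'DELETE' then old.patient_id else new.patient_id end,
    'db-trigger');
  return null;   -- return value is ignored for AFTER triggers
end;
$$;
create trigger patient_records_audit
  after insert or update or delete on patient_records
  for each row execute function audit_patient_record_write();

-- API side, before an export is returned to the caller (placeholder id):
-- select log_phi_access('export', '<patient uuid>', 'api');
```

Two points worth checking in a real deployment of this pattern. First, a policy that queries user_roles directly instead of going through has_role() recurses as soon as user_roles itself is under RLS, which is why the definer function exists; confirm that the function owner is the table owner and that EXECUTE is granted only to the API role. Second, Postgres triggers cannot observe SELECTs, so read, export and share events must be logged by the API calling log_phi_access() explicitly; an audit that only covers writes would miss exactly the actions the page says it records.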
Every AI agent invocation is recorded in agent_runs with latency, cost, and status. Inputs and outputs are scrubbed of PHI before storage.
Please report suspected issues to security@myhealth.app.