Security

This page is maintained by My Health Passport. It describes controls that are enabled today. It is not a certification and is not a substitute for a formal audit report.

Network & transport

All requests are served over HTTPS/TLS. HSTS is enforced on our published domains. No PHI is placed in URLs.

Authentication

Sign-in is by email/password or Google OAuth. Sessions have a configurable inactivity timeout, re-authentication is required before sensitive actions (Export, Tap-to-share, Account deletion), and an MFA-required flag can be set per account.

Authorization

Row-level security is enabled on every table storing patient data. Roles (patient / practitioner / manufacturer / admin) are stored in a dedicated user_roles table, not on the user record, and are checked via a has_role() security-definer function, so policies can consult the role table without granting callers direct read or write access to it.
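
The role-table and security-definer pattern described above, written out as PostgreSQL DDL. This is an added illustration, not My Health Passport's own migration: the user_roles table and has_role() come from the text, while the app_role enum, the patient_records table, the policy names and the use of Supabase's auth.uid() for the caller's id are assumptions.

```sql
-- Added example, not the product's own schema. Names other than user_roles
-- and has_role() are assumptions made for illustration.
create type app_role as enum ('patient', 'practitioner', 'manufacturer', 'admin');

create table user_roles (
  user_id uuid not null,
  role    app_role not null,
  primary key (user_id, role)
);

-- RLS with no policies: ordinary callers can neither read nor write roles,
-- so a user cannot insert an 'admin' row for themselves. Only the table
-- owner (which has_role() runs as) can touch it.
alter table user_roles enable row level security;

-- security definer: runs with the owner's privileges, bypassing the RLS above.
-- stable + fixed search_path: safe to call from policies and immune to a
-- caller shadowing user_roles with a same-named object in another schema.
create or replace function has_role(_user_id uuid, _role app_role)
returns boolean
language sql
stable
security definer
set search_path = public
as $$
  select exists (
    select 1 from user_roles
    where user_id = _user_id and role = _role
  );
$$;

-- Example PHI table. auth.uid() is assumed to return the caller's user id
-- (Supabase convention); substitute your own session-to-user lookup.
create table patient_records (
  id         uuid primary key default gen_random_uuid(),
  patient_id uuid not null,
  notes_enc  bytea   -- application-layer ciphertext; see Encryption below
);
alter table patient_records enable row level security;
alter table patient_records force row level security;  -- applies to the owner too

create policy patient_reads_own on patient_records
  for select
  using (patient_id = auth.uid());

create policy admin_reads_all on patient_records
  for select
  using (has_role(auth.uid(), 'admin'));
```

The two things to verify after a migration like this are that user_roles has RLS enabled with no permissive policies, and that has_role() is the only path by which a policy reaches it; a policy that reads user_roles directly would either fail (no policy) or, if a read policy were added, reintroduce the recursive lookup the function exists to avoid.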

Encryption

Data is encrypted at rest by our hosting platform. The most sensitive PHI fields (date of birth, diagnoses, free-text notes) are additionally encrypted at the application layer using AES-256-GCM with a server-side key.

Logging & auditability

A unified phi_access_log records every read, write, export, share, and handoff action, including actor role, subject, method, IP and user-agent. Admins can review the log and investigate detected anomalies.
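
Two detections an admin reviewing the log might run, as an added example that is not the product's own query. The fields (actor, role, action, subject, IP) are those the paragraph lists; the column names, the thresholds and the sample rows are constructed assumptions.

```sql
-- Added example, not My Health Passport's own detection logic. The rows in
-- sample_log are constructed; column names are assumptions about phi_access_log.
with sample_log(occurred_at, actor_id, actor_role, action, subject_id, ip) as (
  values
    (timestamptz '2024-05-01 09:02:00+00', 'prac-1', 'practitioner', 'read',   'pat-01', '203.0.113.5'),
    (timestamptz '2024-05-01 09:03:00+00', 'prac-1', 'practitioner', 'read',   'pat-02', '203.0.113.5'),
    (timestamptz '2024-05-01 09:04:00+00', 'prac-1', 'practitioner', 'read',   'pat-03', '203.0.113.5'),
    (timestamptz '2024-05-01 09:05:00+00', 'prac-1', 'practitioner', 'read',   'pat-04', '203.0.113.5'),
    (timestamptz '2024-05-01 09:06:00+00', 'prac-1', 'practitioner', 'read',   'pat-05', '203.0.113.5'),
    (timestamptz '2024-05-01 09:07:00+00', 'prac-1', 'practitioner', 'read',   'pat-06', '203.0.113.5'),
    (timestamptz '2024-05-01 09:10:00+00', 'prac-2', 'practitioner', 'read',   'pat-07', '198.51.100.9'),
    (timestamptz '2024-05-01 09:20:00+00', 'prac-2', 'practitioner', 'read',   'pat-07', '198.51.100.9'),
    (timestamptz '2024-05-01 11:45:00+00', 'prac-2', 'practitioner', 'export', 'pat-07', '192.0.2.77')
),
-- Detection 1: one actor reading many distinct patients within an hour.
-- Threshold of 5 is an assumption; tune it per role from your own baseline.
bulk_reads as (
  select actor_id,
         actor_role,
         date_trunc('hour', occurred_at) as hour_bucket,
         count(distinct subject_id)      as distinct_subjects
  from sample_log
  where action = 'read'
  group by actor_id, actor_role, date_trunc('hour', occurred_at)
  having count(distinct subject_id) >= 5
),
-- Detection 2: an export from an IP the actor has never used before.
export_from_new_ip as (
  select e.actor_id, e.actor_role, e.occurred_at, e.subject_id, e.ip
  from sample_log e
  where e.action = 'export'
    and not exists (
      select 1
      from sample_log prior
      where prior.actor_id   = e.actor_id
        and prior.ip         = e.ip
        and prior.occurred_at < e.occurred_at
    )
)
select 'bulk_read'          as finding, actor_id, actor_role,
       hour_bucket::text    as detail,  distinct_subjects::text as value
from bulk_reads
union all
select 'export_from_new_ip', actor_id, actor_role,
       occurred_at::text, ip
from export_from_new_ip
order by finding, actor_id;
```

On the constructed rows this returns prac-1 under bulk_read (six distinct patients in the 09:00 hour) and prac-2 under export_from_new_ip (the 11:45 export from 192.0.2.77, an address absent from that actor's earlier entries). Against the real table, replace sample_log with phi_access_log and bound the query to the review window.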

Agent observability

Every AI agent invocation is recorded in agent_runs with latency, cost, and status. Inputs and outputs are scrubbed of PHI before storage.

Vulnerability reporting

Please report suspected issues to security@myhealth.app.

See also: Trust Center · Privacy · Subprocessors