Security & Compliance

Security that is engineered in, not bolted on.

HPSuite+ protects South African medical practices and their patients with a defence-in-depth architecture built for POPIA and aligned to SAHPRA's emerging requirements for AI-enabled clinical software — designed so intelligent automation can work inside your practice without ever putting patient data at risk.

AES-256
Encryption at rest
4
Layers of access control
365-day
Claim audit trail
POPIA
Aligned by design
POPIA-aligned by design Complete practice isolation AES-256 encryption at rest Human-approved AI SAHPRA-aware
01 · Secure by architecture
One platform, one hardened perimeter.

Most practice systems bolt a login screen and an SSL padlock over a decades-old core, with each third-party plugin widening the attack surface. HPSuite+ handles the full clinical and financial lifecycle natively, so isolation, permission control and accountability are built into the foundation — continuous, not assembled. Patient records are Special Personal Information under POPIA, and a native single-perimeter design removes the multiplied vulnerabilities of wiring several disconnected systems together.

02 · Encryption & data protection
Bank-grade protection, by default.
Encryption at rest
Identifying patient information is stored only as AES-256 ciphertext, with the encryption key held outside the application webroot; search is preserved without exposing plaintext.
Encryption in transit
Clinical and financial data is encrypted as it moves between patient, practice and platform.
Complete practice isolation
Every practice's information lives in its own sealed space; each request is re-confirmed against your practice before any data is returned.
Record-level access control
Every individual record is re-checked against your practice's permissions the moment it is opened — a lapsed or hijacked login cannot reach what it shouldn't.
Secure record references
Records are reached through random, non-sequential references rather than simple numbers that could be stepped through.
Tamper-evident audit trail
Clinical, financial and AI actions are written to an audit trail designed to be tamper-evident. Medical-aid claim records are retained for a full 365 days as a durable evidentiary record for scheme disputes.
03 · POPIA compliance mapping
Mapped to POPIA's eight conditions.

HPSuite+ operates as the Operator, processing personal information on behalf of the practice (the Responsible Party). Lawful processing remains the Responsible Party's determination; the platform provides and enforces the technical controls that support it.

1 · AccountabilityOperator/Responsible-Party roles defined in the Operator agreement; comprehensive activity and audit logging establishes a demonstrable processing record.Practice + platform
2 · Processing LimitationAccess limited to the minimum needed, enforced by practice isolation and record-level permissions; the AI only ever sees what a task requires.Platform-enforced
3 · Purpose SpecificationInformation captured for defined clinical, billing and scheduling purposes. Claim records retained for 365 days for scheme audit; clinical records follow the applicable HPCSA retention period.Platform-enforced
4 · Further ProcessingClinical data is not repurposed; the AI is prevented from altering records and works strictly within your own practice.Platform-enforced
5 · Information QualityTouchless QR intake and optical ID / medical-aid capture populate records from source, reducing transcription error.Platform-enabled
6 · OpennessPatients complete branded, POPIA-consented intake; consent-version logging records the exact terms version, timestamp and IP on every acceptance.Practice + platform
7 · Security SafeguardsAES-256 at rest, encryption in transit, practice isolation, secure record references, hardened input handling, recoverable records, tamper-evident audit trails, and app-based multi-factor sign-in.Platform-enforced
8 · Data Subject ParticipationPatient records can be retrieved and corrected on request; recoverable deletion supports lawful erasure while preserving medico-legal integrity.Practice + platform

Regulated by the Information Regulator (South Africa); POPIA has been fully enforceable since 1 July 2021. This mapping describes the platform's technical controls and does not itself certify a practice's POPIA compliance.

04 · Safe-by-design AI
Human-approved AI, by design.

Crystal, our Clinical Sentient Employee, provides administrative and documentation support — she is not a medical device and is not used for diagnosis or treatment decisions. Crystal can read, draft and suggest, but the platform enforces hard limits she cannot step outside, and a registered clinician approves every action that has effect.

Sees only your practiceCrystal is confined to your practice's records — never another's.
Cannot alter or delete recordsDestructive actions on clinical records are blocked at the platform layer.
You approve every real actionAnything that matters pauses for your one-tap confirmation.
Reaches only what a task needsCrystal loads the minimum information a task requires, nothing more.
No internal details leakCrystal never surfaces raw internal references.

Where AI features fall within SAHPRA's evolving Software-as-a-Medical-Device scope, we are committed to the appropriate classification and authorization pathway; in the interim, our human-in-the-loop design ensures no AI output reaches a patient without a registered clinician's approval.

05 · Compliance posture
A security posture we name plainly.
Live today
AES-256 encryption at rest
Identifying patient fields are stored only as ciphertext.
Consent & terms versioning
Tamper-evident record of exactly when — and to which terms version — each person agreed.
South African data residency
Data is hosted within South Africa, supporting local data-sovereignty expectations.
Multi-factor sign-in
App-based 2FA available now for every account; practice-wide mandatory enforcement from 31 July 2026.
24-hour breach commitment
A contractual 24-hour breach-notification commitment that exceeds POPIA's statutory baseline.
ISO 13485 alignment
Software lifecycle aligned to ISO 13485 quality-system principles.
On the roadmap
ISO 27001 certification
Independent information-security certification is on our dated roadmap.
SaMD classification tracking
Ongoing SAHPRA Software-as-a-Medical-Device tracking as the AI/ML regime matures.
06 · Why native security wins
Native vs. stitched platforms.
Security dimension
HPSuite+ (native)
Typical stitched legacy stack
Patient-data isolation
Enforced by the platform on every interaction
Often applied per-module across bolted-on add-ons
AI data safety
Destructive actions blocked at the platform layer; clinician approves every action
AI typically absent, or an unmanaged add-on
Record references
Random, non-sequential references
Sequential record numbers can appear in web links
Claim audit evidence
365 days retained in the practice's own space
Often held by the third-party switching bureau
Attack surface
One integrated platform, one hardened perimeter
Multiple vendors, logins and data hand-offs

Security is a promise we can prove.

Every control described here is live in production, bound in our Operator contract, or on a dated roadmap — and each is independently verifiable in a technical review. Field-level encryption is already in force: identifying patient fields exist only as ciphertext at rest.

Our Information Officer and security contact are available on request.