JamEMR

Trust Center

Encryption

TLS protects data in transit on exposed interfaces; data at rest is protected with disk-level encryption configured per deployment. Clinical AI processing stays local, so PHI does not transit consumer AI clouds.

The shortest path is no path

The strongest encryption story is data that never leaves. JamEMR’s clinical AI runs on dedicated local hardware inside the deployment environment, so protected health information is not transmitted to third-party consumer AI clouds for clinical AI processing. Encryption still matters everywhere data does move or rest — here is exactly where we apply it.

What is in place today

In transit

  • Exposed interfaces are protected with TLS. Browser sessions, API calls, and service-to-service traffic across exposed interfaces are encrypted.
  • Service-to-service calls additionally require registered, revocable API tokens — TLS protects the channel, token registration authenticates the caller.

At rest

  • Data at rest is protected with disk-level (full-disk) encryption. Because JamEMR runs inside the deployment environment, the exact at-rest configuration is deployment-dependent: it is established and verified as part of each deployment’s setup rather than assumed. We document the configuration for each deployment so a practice’s compliance team can verify it, and we treat at-rest encryption as a deployment prerequisite before real patient data is handled.

Around the data

  • Pilot deployments run on synthetic (non-real-patient) data until a practice’s compliance prerequisites are complete — so encryption controls are in place before PHI ever arrives.
  • Access to decrypted data is governed by role-based access controls and recorded in the audit log.

On our roadmap

  • Third-party penetration testing before general availability, which will include validation of transport security configuration.
  • Documented policy pack (in progress) covering key handling and encryption standards as formal, auditable policy rather than deployment practice.
  • Evaluation of finer-grained at-rest protections (such as field- or volume-level encryption for specific data classes) as deployments scale. We will describe these here when they are implemented, not before.

Questions

If your compliance review requires specifics about encryption configuration for a prospective deployment, contact [email protected] and we will walk through it with your team.
