Security & compliance

Trust, built into every layer

From the session cookie to the audit trail, MedOps is hardened by default — so patient data stays protected and every action stays accountable.

Secure by design, auditable by default

Patient data deserves more than a login screen. MedOps hardens every layer — from the session cookie to the audit trail.

AES-256 cookie sessions — httpOnly, no localStorage tokens.

15-min auto-logout on inactivity.

Two-step login — email → OTP or password, invite set-password & OTP reset.

Capability-based RBAC — feature.action, not raw role checks.

Tenant-scoped audit logs in MongoDB, with an Audit Logs page.

Hardened API — Helmet, per-IP rate limits, /v1 versioning & Swagger at /docs.

Session · encrypted

Active
AuthToken · AES-256 · httpOnly · SameSite=Strict

Recent audit trail

patient.create · op@apex · 09:24
prescription.sign · dr.rao · 09:31
bill.update · op@apex · 09:33

Roadmap: End-to-end encrypted PHI · zero-knowledge keys · design stage

Built on a modern, secure stack

NestJS · PostgreSQL · Prisma · MongoDB (audit) · React · Vite · Tailwind CSS

Get started

Ready to modernise your hospital?

See MedOps on your own workflows. Book a 30-minute demo and we'll spin up a seeded environment for your team to explore.

  • Full feature walkthrough
  • Seeded demo data for your roles
  • Security & compliance Q&A

Book your demo

No credit card. We'll reach out within one business day.

By submitting you agree to be contacted about MedOps. This demo form is front-end only.