Trust & Security

HIPAA Compliance & Security

Enterprise-grade protection for Protected Health Information (PHI).

Zero-Trust Architecture

At Nvert, we recognize that patient DICOM scans and STL impressions constitute highly sensitive Protected Health Information (PHI). Unlike off-the-shelf cloud drives or unsecured email threads, our custom doctor portal is built from the ground up to prioritize medico-legal compliance and strict access controls.

Core Security Measures

  • Data Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.3 protocols.
  • Database Isolation: Row-Level Security (RLS) via Supabase guarantees that you can only ever access cases tied to your cryptographically verified medical license and account.
  • Closed-Loop Storage: We utilize dedicated AWS S3 buckets with strict CORS and signed-URL access requirements. Files are never directly reachable from the public internet.
  • Comprehensive Audit Logging: Every login attempt, file upload, plan modification, and final legal approval is permanently time-stamped and logged for your protection.

Business Associate Agreements (BAA)

Nvert acts as your Business Associate under the HIPAA Privacy Rule. We provide a robust, standardized Business Associate Agreement (BAA) to all active users to ensure complete regulatory alignment. We also maintain active BAAs with all our sub-processors (AWS, Supabase, Vercel).

Need a BAA before you submit a case?

A signed BAA is included in every Nvert account at no charge. Our team can have one in your inbox the same business day.