healthOS
Book a demo

Solutions

Aged Care Home Care Disability Acute & Hospital

Modules

Intake Services Admin Delivery Insights Research Waitlist

Features

Government Services Clinical Coding AI Handover Wellness & Monitoring Care Pathways Deterioration Engine Notifications Bulk Integration Forms & Documents Security

More

How it works
Platform

Your data. Your cloud. Onshore always.

Sovereign deployment, customer-held encryption keys, and compliance frameworks built in from day one — not added later.

Book a demo
Capabilities

Security that doesn't require trust.

Sovereign deployment

Single-tenant, inside a cloud account you control. All data onshore in Australia. No shared infrastructure, no co-tenancy.

Encryption everywhere

AES-256 encryption at rest and TLS 1.3 in transit. Bring-your-own-key support — you hold the keys and can revoke access at any time. Cryptographic integrity checks on every record write.

APP compliance

Built against the Australian Privacy Principles. Privacy impact assessments, consent management and data minimisation are part of the platform.

7-year audit trail

Every record change captured with user, timestamp and before/after values. Immutable, queryable and always available.

Row-level security

Data access enforced at the database row level. Staff only see records for their organisation, facility and role — enforced on every query, not just the UI.

Multi-organisation

Multiple organisations, facilities and care settings inside one deployment. Each organisation's data is logically isolated — row-level policies guarantee no cross-tenant visibility.

Security posture

Sovereign deployment, encryption and compliance — at a glance.

Single-tenant, onshore, customer-keyed. Essential 8, APP and ISO 27001 controls built into the architecture.

HealthOS — Security Dashboard Security Overview Encryption Access Control Audit Trail Compliance Backups DEPLOYMENT Region: ap-southeast-2 Tenancy: Single-tenant Data onshore: Yes Encryption AES-256 + TLS 1.3 Key Management BYOK Active MFA 100% enforced Audit Trail 7 years Backups Daily Compliance Frameworks Essential 8 — ACSC Compliant ✓ App ✓ Patch ✓ MFA ✓ Admin ✓ Backup ✓ Macro ✓ Harden ✓ Network Australian Privacy Principles (APP) Compliant Privacy impact assessments | Consent management | Data minimisation ISO 27001 Ready ISMS | Risk register | Control mapping | Evidence packs included Sovereign Single-Tenant Deployment ap-southeast-2 (Sydney) | Customer-controlled cloud | Data onshore always Access Audit Log Export Time User Action Resource 08:15:02 K. Peters View record M. Thompson 08:14:45 K. Peters Login (SSO) Session 08:02:14 K. Peters AI handover Wing A 07:58:30 T. Nelson Login (SSO) Session 07:45:11 Unknown Failed login Blocked Immutable | 7-year retention | Before & after on every change Row-Level Security Organisation A Sees only own data Organisation B Sees only own data Database layer Policy enforced Encryption & Key Management At rest AES-256-GCM In transit TLS 1.3 Key custody Customer-held (BYOK) Integrity Cryptographic hash Indicative wireframe — HealthOS Security posture dashboard

Essential 8 maturity

HealthOS is designed against the Australian Cyber Security Centre's Essential 8 maturity model. Application whitelisting, patching, multi-factor authentication, restricted admin privileges, daily backups and network segmentation are built into the deployment architecture.

  • Application control and patching
  • Multi-factor authentication enforced
  • Restricted administrative privileges
  • Daily automated backups with point-in-time recovery

ISO 27001 ready

Designed for ISO 27001 certification with evidence packs included. Risk registers, control matrices and policy templates are part of the deployment — not an afterthought.

  • Information security management system (ISMS)
  • Risk register and treatment plans
  • Control mapping to ISO 27001 Annex A
  • Evidence packs for certification audits

Identity and access

Role-based access control with single sign-on. Every API call is authenticated, authorised and logged. Row-level security ensures staff see only the data their role and organisation permits — enforced at the database layer, not just the application.

  • SSO with your existing identity provider
  • Role-based access control (RBAC)
  • Row-level security across organisations and facilities
  • Attribute-based policies for sensitive records
  • Session management and automatic timeout

Security across the platform

Data & Insights

FHIR R4 data model with audit trail.

AI Handover

De-identified before it reaches the LLM.

Research

De-identification and ethics-ready exports.

See the security model first-hand.

A 45-minute walkthrough covering deployment architecture, encryption, access controls and compliance evidence.

Book a demo Back to home