02 · Privacy & security

Privacy that holds up to a hard look

Reproductive health and abortion care providers face a privacy environment that other specialties don't. Patient identifiers showing up in the wrong log, an unencrypted backup left somewhere, an analytics tool that shouldn't have seen what it saw — these aren't theoretical risks here. We build with that environment as the design constraint, not as a compliance afterthought.

What that looks like in our work

Patient identifiers stay out of error reports, application logs, and third-party analytics by default — not as a setting we hope is enabled. Encryption everywhere, including the boring places that often get skipped (database backups, queue payloads, message-broker storage). Role-based access by job function: front-desk staff don't have visibility into clinical notes; clinical staff don't see operational dashboards they don't need.

We test the things that fail quietly

Backups that have never been restored from aren't backups. Audit trails nobody reviews aren't audit trails. We rehearse restores. We sample audit logs. We pen-test our own integrations. Most vendors don't, and you only find out when something goes wrong.

Familiar with state-by-state variation

What's lawful, who can prescribe, what data can cross state lines, what your retention obligations are — this varies in ways that matter to your operations. We track it as part of the job, not as an upcharge.

In practice

Talk to us about this See all services

Other things we do

Custom integrations

Your EHR, scheduling, payments, and telehealth tooling don't talk to each other — or they talk in ways that require staff to copy data by hand. We connect them, properly.

Tools for staff & patients

Most clinic software was clearly never used in a clinic. We build interfaces with the people who'll click them every day, then prune the parts they don't need.