Built for healthcare
MASLOW is designed from the ground up to handle sensitive health information securely. This page summarizes our approach to security across the platform.
Infrastructure
- Cloud hosting — hosted on AWS with infrastructure designed for healthcare workloads
- Encryption in transit — all data transmitted over TLS 1.2+
- Encryption at rest — all stored data encrypted using AES-256
- Network isolation — backend services run in private subnets with no direct internet access
Authentication
- Provider/admin authentication — secure login with email and password via AWS Cognito
- Patient access — magic link authentication (no passwords to steal or phish)
- Session management — automatic session expiration and secure token handling
Access control
- Role-based access — three roles (admin, provider, patient), following the principle of least privilege
- Data isolation — patients can only see their own data; providers see only their assigned patients
Compliance
HIPAA compliance
How MASLOW meets HIPAA requirements for protected health information.
Data handling
Encryption, data retention, and audit logging details.