SealedRoute

Self-attested controls and policy information for vendor review

SealedRoute provides self-attested information about controls and policies used to support vendor review of medical-courier workflows.

A signed BAA is required before PHI. Current materials describe product safeguards and operating policies; they are not third-party assurance.

Our HIPAA approach

SealedRoute maintains a self-attested review of administrative, physical, technical, and documentation safeguards relevant to its current product and operations.

Available materials describe controls in four areas:

  • Administrative: security responsibilities, access administration, incident handling, training, and BAA procedures.
  • Physical: workforce device, remote-work, media-handling, and disposal policies.
  • Technical: tenant isolation, authentication, role-based access, audit logging, encryption, log redaction, secure transport, and signed snapshot integrity.
  • Documentation: policy maintenance, access reviews, training records, incidents, and BAA records.

What we've implemented

The following current product controls are described for buyer diligence in non-engineering language:

  • Tenant isolation: tenant-scoped database access using PostgreSQL row-level security and fleet context, with automated isolation tests.
  • Authentication and role-based access: unique accounts, active-user checks, lockout after repeated failed logins, and role-gated manager paths.
  • Fail-closed audit logging: for PHI-relevant actions, the audit writer is designed to fail closed — if the audit record cannot be written, the protected action does not silently continue. Audit and security-event logs are append-only (database revokes and triggers block updates and deletes).
  • PHI-minimized audit packets: exported snapshots omit patient identifiers and raw signature, photo, address, GPS, and custody-note values. Signed snapshots can be checked for later content changes.
  • AES-256-GCM encryption for cached audit-packet artifacts, with authenticated data bound to the fleet, packet, and snapshot hash.
  • PHI-safe logging: logging utilities redact credentials, tokens, patient/ePHI/PHI fields, signature and photo references, MFA secrets, and SSN-shaped values before anything is written to application logs.
  • Browser security headers: a per-request Content-Security-Policy nonce, frame and content-type protections, a strict referrer policy, and HSTS in production.

Business Associate Agreement

A signed customer Business Associate Agreement is required before SealedRoute processes customer PHI.

Contract and activation review must be completed before PHI workflows are enabled; purchasing a plan alone does not authorize PHI processing.

What packet signature verification shows

Packet signature verification confirms that the embedded signed snapshot has not changed since signing. It does not authenticate arbitrary rendered HTML and does not prove physical events, lab acceptance, or HIPAA compliance.

Evidence for your security review

Qualified buyers may request currently available self-attested materials under NDA and ask specific questions directly.

  • Self-attested controls summary
  • Current security and operating policy documentation

Other evidence is being prepared and is not represented as currently requestable.

We’ll answer specific diligence questions directly.