Security

Security aspects for hosting Seegnal's Web UI: SSL/TLS, certification, cross-origin, cookies, cache, and 3rd-party tools.

SSL / Scheme

Client browsers should be kept up to date with the latest security updates and configured to allow Seegnal's URI to load, retrieve data, show images, and execute JavaScript as part of the security policy of the EHR organization.

Seegnal default scheme is HTTPS using TLS 1.2 or higher. Enforcing of a specific TLS version (e.g. 1.3) is possible.

Certification

Seegnal is a cloud-based solution and the site certificate is provided as *.seegnal.com. In special cases a client certificate can be hosted to provide a dedicated environment used exclusively by the EHR. In that case, certificate update and maintenance must be synced between the organization and Seegnal to avoid DOS errors.

On-Premise

For on-premise deployments, certificate production is the responsibility of the hosting organization. The organization generates and renews the certificates according to its internal PKI and security policies.

The organization may use any domain it owns and is not required to provide the same domain used by other systems in the organization. What matters is that the organization can resolve the chosen domain and approve the SSL certificate. For example, if the organization domain is *.ehr.com, it may provide Seegnal with a dedicated domain such as *.ehr-sgnl.com.

Seegnal needs to host the certificate files — *.pfx and *.key — on Seegnal's servers in order to serve the site under the organization's domain. The organization must deliver the files securely and notify Seegnal ahead of any expiration or rotation to avoid downtime.

Authentication

Seegnal supports multiple authentication methods to fit organization 3rd-party policies and standard integration patterns:

  • JWT — signed JSON Web Tokens for stateless API authentication.
  • SAML — federated SSO with enterprise identity providers.
  • SMART on FHIR — OAuth 2.0 / OpenID Connect profile for healthcare apps.
  • Basic — HTTP Basic authentication for simple server-to-server flows.
  • Custom encryptions — tailored token / payload encryption agreed with the organization.

The chosen method is agreed during integration and configured per environment to align with the organization's security policies.

Cross-Origin

Seegnal's site is blocked by default for cross-origin requests. Cross-origin access is enabled for specific EHR sites where communication between host and Seegnal is essential (see iFrame integration in hosting guidelines).

Standards

Seegnal supports high standards of quality and compliance:

  • HIPAA — U.S. healthcare regulation safeguarding the privacy and security of protected health information (PHI).
  • GDPR — European Union regulation governing the protection and lawful processing of personal data.
  • OWASP — industry-standard practices for identifying and mitigating common web application security risks.
  • ISO — international standards (e.g. ISO 27001) for information security management and operational quality.
  • CE — European conformity marking indicating compliance with EU health, safety, and regulatory requirements.

Seegnal also embraces the local regulatory standards of the organization's country and its internal policies, aligning deployments with regional requirements.

Tenant Isolation

Each tenant is provisioned with its own isolated environment resources, including networking, databases, and processing units. This separation ensures that tenant data and compute workloads remain fully segregated from those of other organizations.

Every tenant is provided with two environments — Stage and Production — each with its own dedicated resources. These environments do not share infrastructure, so development, testing, and validation activities on Stage never overlap with or impact Production workloads.

Stage is not intended for real production data or live clinical workflows. It is a validation and testing environment used to preview changes, validate integrations, and confirm behavior before promoting to Production.

PHI

Protected Health Information (PHI) is any health data that can be linked to an individual patient, including identifiers such as name, medical record number, demographics, or clinical details.

Seegnal does not hold patient PHI except for the patient's "Birth Date", which is required for clinical decision support. Seegnal does not store any personal information about the patient or the prescriber.

Identifiers sent by the tenant are encoded by the tenant and encrypted by Seegnal before being placed at rest. Data in transit is protected using SSL/TLS, and data at rest is encrypted. Encryption at rest can be configured with an explicit key.

The duration for which data is stored at rest is determined by the relevant regulation and the agreement between the organization and Seegnal.

Logs & Monitor

Seegnal uses ELK and/or the Logz.io platform for logging and monitoring. The logs contain operational and functional information only — they do not include any PHI or patient-identifiable data.

Errors are monitored continuously and are typically handled within a few minutes, according to the support agreement between the organization and Seegnal.

Environment infrastructure is also monitored. Error handling and escalation are determined by the resource type, the environment location (cloud or on-premise), and the error type.

Cookies & Session

Seegnal does not rely on client cookies but uses them if allowed. Seegnal uses HTTP server-side encrypted cookies. These cookies are not accessible by JavaScript and cannot be resolved by it. They are session-based and disposed of on browser close.

Session state is managed with JWT and limited in time according to the integration flow, usually around 15 minutes. Links issued during authentication are one-time and not reusable, unless explicitly required by the integration.

Cache

Seegnal recommends using browser cache for optimization of site load time.

3rd Parties

To enhance the user experience on Seegnal's website, we may use 3rd-party walkthrough guides and/or analytics tools (e.g. Google Analytics, Pendo, etc.).

These libraries call certain remote URLs which need to be allowed by cross-domain configuration and the EHR hosting environment policy.

These tools are loaded at application startup and can be disabled if the EHR and/or Seegnal requires.