SSL / Scheme
Client browsers should be kept up to date with the latest security updates and configured to allow Seegnal's URI to load, retrieve data, show images, and execute JavaScript as part of the security policy of the EHR organization.
Scheme — the site is served over HTTPS only, with TLS 1.2 or higher.
Certification
Seegnal is a cloud-based solution and the site certificate is issued for the wildcard *.seegnal.com. In special cases a client-provided certificate can be hosted to serve a dedicated environment used exclusively by the EHR. In that case, certificate renewal and maintenance must be coordinated between the organization and Seegnal so that an expired or mismatched certificate does not cause an outage (DoS errors).
On-Premise
For on-premise deployments, certificate production is the responsibility of the hosting organization. The organization generates and renews the certificates according to its internal PKI and security policies.
Seegnal needs to host the certificate files — *.pfx and *.key — on Seegnal's servers in order to serve the site under the organization's domain. The organization must deliver the files over a secure channel and notify Seegnal ahead of any expiration or rotation to avoid downtime.
Authentication
Seegnal supports multiple authentication methods to fit the organization's third-party policies and standard integration patterns:
- JWT — signed JSON Web Tokens for stateless API authentication.
- SAML — federated SSO with enterprise identity providers.
- SMART on FHIR — OAuth 2.0 / OpenID Connect profile for healthcare apps.
- Basic — HTTP Basic authentication for simple server-to-server flows.
- Custom encryptions — tailored token / payload encryption agreed with the organization.
The chosen method is agreed during integration and configured per environment to align with the organization's security policies.
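The JWT option above is described only as "signed JSON Web Tokens"; the page does not say which signing algorithm or claims Seegnal actually uses. The following is an added example (not Seegnal's code) showing the checks a relying party should perform on an incoming token: pin the algorithm rather than trusting the `alg` header, verify the signature in constant time, and validate the issuer and expiry. It assumes a shared HMAC-SHA256 secret and an `iss` claim agreed between the EHR and Seegnal; the secret and claims here are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _b64url_decode(data: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    padding = "=" * (-len(data) % 4)
    return base64.urlsafe_b64decode(data + padding)


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def issue_hs256_jwt(claims: dict, secret: bytes) -> str:
    """Mint an HS256 token (issuer side). Assumed algorithm, not Seegnal's stated one."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_hs256_jwt(token: str, secret: bytes, expected_iss: str,
                     now: Optional[float] = None) -> dict:
    """Return the claims if the token is valid; raise ValueError otherwise."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token: expected three dot-separated segments")

    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the header is attacker-controlled, so never dispatch on it
    # (this blocks alg=none and key-confusion tricks).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")

    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    # Constant-time comparison so a wrong signature leaks nothing about the right one.
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")

    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != expected_iss:
        raise ValueError("unexpected issuer")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired or missing exp")
    return claims


if __name__ == "__main__":
    # Constructed secret and claims for the demo; a real deployment keeps the secret out of source.
    demo_secret = b"constructed-shared-secret"
    token = issue_hs256_jwt({"iss": "ehr.example", "sub": "user-1", "exp": 2000}, demo_secret)
    print(verify_hs256_jwt(token, demo_secret, "ehr.example", now=1000))
```

Signature verification happens before any claim is read, so an unsigned or re-signed payload is rejected without its contents influencing the outcome. The `now` parameter exists only to make expiry testable; production callers leave it unset.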
Cross-Origin
Seegnal's site is blocked by default for cross-origin requests. Cross-origin access is enabled for specific EHR sites where communication between host and Seegnal is essential (see iFrame integration in hosting guidelines).
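The policy above is default-deny with a per-site allow-list. As an added illustration (not Seegnal's implementation), the function below shows how such a policy is typically enforced at the response layer: an incoming `Origin` is normalized and compared against a configured set of EHR origins, and only an exact match receives CORS headers and a `frame-ancestors` directive permitting the iFrame embedding the text mentions. The origin values are constructed, and the header set is an assumption about reasonable practice, not a statement of what Seegnal sends.

```python
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed allow-list: the EHR origins (scheme + host [+ port]) cleared to
# call Seegnal cross-origin and to embed it in an iFrame.
ALLOWED_EHR_ORIGINS = frozenset({
    "https://ehr.example-hospital.org",
    "https://portal.example-clinic.net:8443",
})


def normalize_origin(origin: str) -> Optional[str]:
    """Reduce an Origin header to scheme://host[:port], rejecting anything that is not a bare HTTPS origin."""
    parts = urlsplit(origin)
    if (parts.scheme != "https" or not parts.netloc
            or parts.path not in ("", "/") or parts.query or parts.fragment):
        return None
    return f"https://{parts.netloc.lower()}"


def cors_headers(request_origin: Optional[str]) -> Dict[str, str]:
    """Response headers for a request carrying the given Origin.

    Unknown or missing origins get the default-deny set: no CORS headers and no framing.
    """
    headers = {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors 'none'",
    }
    if request_origin is None:
        return headers
    norm = normalize_origin(request_origin)
    if norm is None or norm not in ALLOWED_EHR_ORIGINS:
        return headers

    # Echo the single matched origin (never "*"), which is required when credentials
    # are involved, and mark the response as varying by Origin so shared caches do not
    # replay one site's allowance to another.
    headers["Access-Control-Allow-Origin"] = norm
    headers["Access-Control-Allow-Credentials"] = "true"
    headers["Vary"] = "Origin"
    # Permit embedding only by this EHR; CSP frame-ancestors supersedes X-Frame-Options.
    headers["Content-Security-Policy"] = f"frame-ancestors {norm}"
    del headers["X-Frame-Options"]
    return headers


if __name__ == "__main__":
    for origin in ("https://ehr.example-hospital.org", "https://attacker.example", None):
        print(origin, "->", cors_headers(origin))
```

Matching on the normalized origin string rather than a substring or prefix is the point of the example: a host such as `ehr.example-hospital.org.attacker.example` or a plain `http://` variant of an allowed host is rejected because it never equals an entry in the set.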
Standards
Seegnal supports high standards of quality and compliance:
- HIPAA — U.S. healthcare regulation safeguarding the privacy and security of protected health information (PHI).
- GDPR — European Union regulation governing the protection and lawful processing of personal data.
- OWASP — industry-standard practices for identifying and mitigating common web application security risks.
- ISO — international standards (e.g. ISO 27001) for information security management and operational quality.
- CE — European conformity marking indicating compliance with EU health, safety, and regulatory requirements.
Seegnal also embraces the local regulatory standards of the organization's country and its internal policies, aligning deployments with regional requirements.
Cookies & Session
Seegnal does not depend on client cookies but uses them when the browser allows. The cookies it sets are HttpOnly and encrypted server-side, so their contents cannot be read or interpreted by JavaScript. They are session cookies and are discarded when the browser closes.
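The properties stated above (not readable by JavaScript, session-scoped) correspond to concrete `Set-Cookie` attributes, and an integrator can check them from the EHR side without any knowledge of Seegnal's internals. The example below is added here and is not Seegnal's code; it builds a session cookie with the attributes that deliver those properties and audits an arbitrary `Set-Cookie` value against them. The cookie name and values are constructed, and requiring `SameSite` is this example's own recommendation rather than something the page states.

```python
from http.cookies import SimpleCookie
from typing import List


def build_session_cookie(name: str, value: str) -> str:
    """Return a Set-Cookie value for a cookie JavaScript cannot read and the browser drops on close."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["path"] = "/"
    morsel["secure"] = True      # only sent over HTTPS (the site is HTTPS-only)
    morsel["httponly"] = True    # not exposed to document.cookie
    morsel["samesite"] = "Lax"   # limits cross-site sending; iFrame integrations may need "None"
    # Deliberately no Expires / Max-Age: that is what makes it a session cookie.
    return morsel.OutputString()


def audit_set_cookie(header_value: str) -> List[str]:
    """Parse a Set-Cookie header value and return findings; an empty list means it passes."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings: List[str] = []
    for name, morsel in jar.items():
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly (readable by JavaScript)")
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure (may be sent over plain HTTP)")
        if morsel["expires"] or morsel["max-age"]:
            findings.append(f"{name}: persistent cookie; a session cookie must not set Expires/Max-Age")
        if morsel["samesite"].lower() not in ("lax", "strict", "none"):
            findings.append(f"{name}: missing or invalid SameSite")
    return findings


if __name__ == "__main__":
    # Constructed values for the demo.
    good = build_session_cookie("seegnal_session", "opaque-encrypted-blob")
    print(good, audit_set_cookie(good))
    print(audit_set_cookie("seegnal_session=opaque-encrypted-blob; Path=/; Max-Age=86400"))
```

The audit reads the parsed `Morsel` flags rather than string-matching the raw header, so attribute order and case do not matter. When Seegnal is embedded in an EHR iFrame on a different site, `SameSite=None` (which still requires `Secure`) is the value that lets the cookie accompany framed requests; the audit accepts any of the three valid values for that reason.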
Cache
Seegnal recommends allowing browser caching to reduce site load time.
3rd Parties
To enhance the user experience on Seegnal's website, we may use 3rd-party walkthrough guides and/or analytics tools (e.g. Google Analytics, Pendo).
These libraries call certain remote URLs, which must be allowed by the cross-domain configuration and the EHR hosting environment policy.
These tools are loaded at application startup and can be disabled if the EHR or Seegnal requires it.