Security

Ward is designed for healthcare environments with strict security and compliance requirements.

Data Protection

Encryption

Data State	Encryption
In transit	TLS 1.3
At rest	AES-256
Backups	AES-256

All cloud communication uses HTTPS. Local hub diagnostics use HTTP on the facility LAN. Database storage and backups are encrypted.

Access Control

Row Level Security (RLS) ensures data isolation:

Staff only access their facility's data
Role-based access controls limit functionality
API keys scoped to specific devices

Authentication:

Password-based (minimum 12 characters)
Optional SSO via SAML 2.0 (Okta, Microsoft Entra ID, PingIdentity) or OIDC
Multi-factor authentication (TOTP via authenticator apps)
Session management with secure tokens
Automatic session expiration

Audit Logging

All writes to patient data are logged:

Who made the change
When the change occurred
What action was taken (create, update, acknowledge, resolve)

Logs retained per facility retention policy (minimum 7 years).

HIPAA Compliance

Ward supports HIPAA compliance:

Technical Safeguards

Access controls (unique user IDs, role-based access)
Audit controls (comprehensive logging)
Integrity controls (data validation, database constraints)
Transmission security (TLS encryption)

Administrative Safeguards

Business Associate Agreement (BAA) with infrastructure provider
Incident response procedures
Risk assessments

Physical Safeguards

Supabase infrastructure provides:

Facility access controls
Workstation security
Device and media controls

Credential Management

User Passwords

Minimum 12 characters
Passwords hashed by Supabase Auth (bcrypt)
Never stored in plain text
Never logged

API Keys (Sensor Hubs)

Generated with cryptographic randomness (256-bit)
Stored as SHA-256 hash in hub config (cannot be retrieved)
Displayed exactly once at registration
Scoped to specific devices
If lost, hub must be deactivated and re-registered

EMR Credentials

Client secrets encrypted at rest
Never logged or displayed
Access limited to IT admins

Network Security

Firewall

Only HTTPS (443) exposed publicly
Internal services use private networking
Sensor hubs connect via outbound HTTPS only

DDoS Protection

Rate limiting on sensor and EMR ingest endpoints
Cloud provider DDoS mitigation

Vulnerability Management

Code Security

Static analysis (Semgrep) in CI/CD
Dependency scanning (npm audit)
No medium+ severity findings allowed
Regular security reviews

Penetration Testing

Third-party penetration test scheduled for Q2 2026
Test reports will be available to customers

Incident Response

Detection: Automated monitoring and alerting
Containment: Isolate affected systems
Eradication: Remove threat
Recovery: Restore normal operations
Lessons Learned: Post-incident review

Customers notified within 72 hours of confirmed breaches.

Data Retention

Data Type	Active	Archive	Total
Observations	1 year	6 years	7 years
Alerts	1 year	6 years	7 years
Vitals	1 year	6 years	7 years
Assessments	1 year	6 years	7 years
Audit logs	1 year	6 years	7 years
Sensor events	90 days	—	90 days

Configurable per facility based on regulatory requirements.

Compliance

HIPAA: Business Associate Agreement available for all customers
Infrastructure: Hosted on Supabase (SOC 2 Type II certified, HIPAA eligible)
Encryption: AES-256 at rest, TLS 1.3 in transit
Audit logging: Comprehensive access logging retained per facility policy

Security Contacts

Report security vulnerabilities to:

Email: security@ward.health

We follow responsible disclosure practices and acknowledge reports within 48 hours.

Data Protection​

Encryption​

Access Control​

Audit Logging​

HIPAA Compliance​

Technical Safeguards​

Administrative Safeguards​

Physical Safeguards​

Credential Management​

User Passwords​

API Keys (Sensor Hubs)​

EMR Credentials​

Network Security​

Firewall​

DDoS Protection​

Vulnerability Management​

Code Security​

Penetration Testing​

Incident Response​

Data Retention​

Compliance​

Security Contacts​