Security & patient data protection
Because our work involves the most sensitive category of personal information — your medical history, mental health, and substance-use history — we treat data protection as a clinical responsibility, not a checkbox. This page describes, in plain language, how we protect your record.
HIPAA-aligned infrastructure
The patient portal, admin console, and API are built on cloud infrastructure whose safeguards align with the HIPAA Security Rule (§164.308 administrative, §164.310 physical, §164.312 technical). We contract with subprocessors under Business Associate Agreements (BAAs) where they process protected health information (PHI).
- Access to PHI is scoped by clinical role — patients, clinicians, family members, and administrators each see only what they need.
- Every read or write of PHI by staff is written to a durable audit log (§164.312(b)) that we can produce on demand.
- Session tokens expire after inactivity; step-up authentication is required for sensitive administrative actions.
Encryption everywhere
PHI is encrypted twice — once in transit and again at the field level in the database — so a database backup, log line, or dump alone cannot expose your history.
- AES-256-GCM authenticated encryption for sensitive fields (name, phone, medical history, prescreen answers, clinical notes).
- TLS 1.2+ for every request between your browser or phone and our servers.
- Signed URLs with short expirations for medical documents you upload.
- Blind-index hashing (HMAC-SHA-256) lets clinicians look up your record by phone without ever comparing plaintext.
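The blind-index lookup described above, as an added illustration that is not the clinic's own code: the phone number is canonicalized before keying, so formatting differences still match, and the stored index is an HMAC-SHA-256 tag that cannot be reversed or brute-forced without the separate index key (field encryption itself is not shown). The normalization rule, key handling and record layout are assumptions.

```python
import hmac
import hashlib
import re
import secrets

# Constructed sample key: in production the blind-index key lives in a KMS/HSM,
# separate from the field-encryption key, and is never stored beside the data.
BLIND_INDEX_KEY = secrets.token_bytes(32)

def normalize_phone(raw: str, default_country: str = "52") -> str:
    """Canonicalize to E.164-style digits so '+52 (55) 1234-5678' and
    '5512345678' produce the same index. Assumed rule: 10 digits get the
    default country code; longer numbers are taken as already international."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 10:
        digits = default_country + digits
    if not 11 <= len(digits) <= 15:
        raise ValueError("phone number has an unexpected digit count")
    return "+" + digits

def blind_index(phone: str, key: bytes = BLIND_INDEX_KEY) -> str:
    """HMAC-SHA-256 over the normalized phone, truncated to 16 bytes (hex).
    Equal inputs give equal tags; without the key the tag reveals nothing,
    which matters because phone numbers are a small, guessable space."""
    canon = normalize_phone(phone).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()[:32]

class PatientIndex:
    """Maps blind index -> record ids; the plaintext phone is never stored here."""
    def __init__(self, key: bytes = BLIND_INDEX_KEY):
        self._key = key
        self._rows: dict[str, list[str]] = {}
    def add(self, record_id: str, phone: str) -> None:
        self._rows.setdefault(blind_index(phone, self._key), []).append(record_id)
    def find(self, phone: str) -> list[str]:
        # Lookup compares only HMAC tags, never plaintext numbers.
        return list(self._rows.get(blind_index(phone, self._key), []))

def demo() -> dict:
    idx = PatientIndex()
    idx.add("rec-001", "+52 55 1234 5678")  # constructed sample numbers
    idx.add("rec-002", "(55) 8765-4321")
    return {
        "hit_same_format": idx.find("+525512345678"),
        "hit_other_format": idx.find("55 1234 5678"),
        "miss": idx.find("+1 212 555 0100"),
        # a different key yields a different tag: the index is not a plain hash
        "key_bound": blind_index("5512345678", secrets.token_bytes(32))
                     != blind_index("5512345678"),
    }
```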
Least-privilege access
No employee has full access to every record. Our role model separates patient-facing staff, licensed clinicians, and platform administrators — each with different scopes, each logged separately.
- Role-based authorization enforced on every API route (patient / family / medical staff / psychologist / admin).
- Multi-factor authentication for staff accounts.
- Escalating rate limits and lockout on failed login attempts.
Data handling & retention
We store the minimum necessary to deliver safe treatment and required follow-up care. You control your record and can request a copy or deletion at any time (subject to medical-record retention obligations).
- We never sell your data. We never share PHI with advertisers or analytics providers.
- Marketing analytics run only on non-PHI website behaviour, subject to your cookie preferences.
- PHI is retained per Mexican medical-record law and international best practice; you can request deletion of non-required records.
What you can do
Security is a partnership. You strengthen it by using unique passwords, enabling two-factor auth where offered, and signing out of shared devices.
- Use a password manager and a unique password for your portal account.
- Verify links open on mindscaperetreat.com before entering credentials.
- Report suspicious activity to security@mindscaperetreat.com and we will investigate promptly.
Ready to take a confidential first step?
Your prescreen is reviewed only by licensed medical staff.
Security disclosures? Email security@mindscaperetreat.com. We investigate every credible report.