Security
Security Baseline
Controls are enforced across identity, data boundaries, cryptography, and immutable audit trails.
Identity Controls
Firebase-authenticated sessions with role and inactivity policies.
Tenant Isolation
Clinic-scoped context + Postgres row-level security across PHI tables.
Infrastructure
CMEK, VPC-SC, and append-only audit stream enforcement.