Off-Platform Vault Storage
Store protected health information and client records in an isolated vault, outside your CMS and public infrastructure.
Zero-trust data isolation for medical, legal, and regulated environments, designed to meet HIPAA, PHIPA, and PIPEDA requirements.
Live data sourced from ransomware.live. Figures reflect publicly disclosed ransomware incidents and represent a conservative estimate of actual exposure.
Most website platforms were built for marketing pages, not for protected health information or client records. That creates a few weak spots:
The Protected Records Vaulting Layer keeps sensitive data off public platforms and stores it in an isolated, encrypted vault. All access is brokered through strict, policy-based controls. Even if a website is breached, data exposure is contained and regulated records remain protected in a multi-user environment. Designed for HIPAA, PHIPA, and PIPEDA-regulated data environments.
Every access request is verified in real time before permissions are granted.
Tamper-resistant audit logs record who accessed what, when, and where, supporting incident response and compliance reviews.
End-to-end encryption protects data in transit, with centralized key management.
Compromised plugins or hosting environments cannot directly access the protected records layer, limiting blast radius during data leaks or ransomware events.
Centralized policies enforce data retention, sharing, and export controls.
A quick view of how we differ from keeping records in your website and using generic forms / storage tools.
| Feature | LOCKERRX | Paubox Forms | TrueVault |
|---|---|---|---|
| Primary focus | Vault + gateway beside your existing website/portal. | HIPAA online forms + secure submissions. | HIPAA-grade backend data store for apps. |
| Where data lives | Encrypted Locker, separate from your website's database. | In Paubox's hosted, encrypted environment. | In TrueVault's cloud public health information data store. |
| Zero-trust / isolation | Your website never talks directly to the vault. | Focus on secure forms, not locking down your website. | Access controlled at API / data-store level. |
| How it connects | Your current forms / portal point to the gateway. | You embed / link Paubox-hosted forms. | Your app talks to TrueVault via APIs. |
| Best for | Organizations keeping their site but moving records out. | Clinics needing compliant forms fast. | Product teams building healthcare apps. |
* High-level, non-exhaustive comparison based on publicly available information.
LockerRX lets providers share records transparently with patients and clients while staying compliant with privacy and data-protection laws.
Wherever regulated records touch public platforms, the vault sits between exposure and the data.
Patient portals and intake forms without storing private health information on your website.
Store case files and evidence in the vault while clients continue using your existing portal.
Protect statements and identity verification documents from shared or public hosting.
Isolate citizen records and permits from public-facing forms and portals.
LockerRX is integrated in stages to minimize disruption and reduce risk. Each step is designed to isolate protected records from public platforms while aligning with your regulatory and compliance requirements.
Technical Assessment
Review your current stack, data flows, and regulatory requirements.
Architecture Planning
Define the zero-trust vaulting layer, access gateway, and integration touchpoints.
Vault Environment Setup
Provision isolated vaulted storage, encryption keys, and baseline policies.
Secure Gateway Integration
Wire your website, portals, and forms into the gateway using SDKs and APIs.
Testing & Compliance Validation
Exercise breach scenarios, validate audit logs, and align with compliance.
Ongoing Support
Continuous monitoring and patching as requirements evolve.
Before LockerRX
Public health data on an insecure platform
After LockerRX
Public health data in a secure vault platform
The content management system became a simple relay; all real security, storage, and auditability moved into the vault.
When protected records are involved, teams need to understand where data lives, who can access it, and how failures are contained. These questions usually surface early in review and approval processes.
Clarity matters.
Each answer is written to support internal discussions with security, compliance, and IT stakeholders.
No. LockerRX is designed specifically to work with existing websites, CMS platforms, and portals.
Your current platform continues to handle presentation and user interaction, but it is treated as untrusted. All authentication, authorization, data access, and audit logging occur in a separate, secure backend. Even if the CMS is compromised, it cannot access regulated records or credentials.
All protected records are stored outside your website or CMS, inside encrypted, region-locked LockerRX infrastructure.
Structured data is stored in identity-isolated partitions, and files are stored in encrypted object storage. The hosting platform never receives database credentials, storage keys, or direct access to the data layer.
A breach of your hosting provider does not expose protected data.
Even full administrative access to the CMS does not grant access to records. Session tokens are short-lived, stored only in the user's browser, and validated exclusively inside the vault. Without valid authentication and a second factor, no data can be accessed or enumerated.
Most integrations are completed in days to a few weeks, depending on complexity.
The work typically involves identifying data touchpoints, wiring forms or portals to the secure gateway, and validating access flows. No full platform rebuild is required, and changes are usually limited to specific submission or retrieval paths.
Access is controlled through identity-scoped sessions, not platform roles or shared credentials.
Each user authenticates individually and is granted access only to their own data partition. Internal staff, external partners, and end users all follow the same enforced access rules, with every read or write logged immutably for audit purposes.
Every access attempt, successful or not, is logged immutably with identity, timestamp, action, and outcome.
Logs are generated inside the secure backend and cannot be altered by the CMS or application layer. This supports HIPAA, PHIPA, and PIPEDA audit requirements and allows full forensic reconstruction when needed.
We'll review where regulated records touch your public platforms and outline a practical path to isolate them.