Do we need to rebuild our existing website or CMS?

No. LockerRX is designed to work with existing websites, CMS platforms, and portals. Your platform continues to handle presentation and interaction, while authentication, authorization, data access, and audit logging occur in a separate secure backend.

Where do regulated records live?

Protected records are stored outside your website or CMS in encrypted, region-locked LockerRX infrastructure. Operational platforms do not receive database credentials, storage keys, or direct access to the protected data layer.

How do internal teams and third parties access records?

Access is controlled through identity-scoped sessions, not platform roles or shared credentials. Each user authenticates individually and is granted access only to their permitted scope, with reads and writes logged for audit.

How is access audited and reviewed for compliance?

Every access attempt is logged immutably with identity, timestamp, action, and outcome. Logs are generated inside the secure backend and cannot be altered by the CMS or application layer.

What happens if our hosting provider is breached?

A breach of the hosting provider does not automatically expose protected data. Even administrative access to the CMS does not grant access to the protected records layer; access is validated in the vault layer.

Can LockerRX be applied to internal systems, not just public websites?

Yes. LockerRX can be applied to internal systems, staff portals, line-of-business applications, and shared tools. The same separation model applies wherever regulated records are accessed.

How long does a typical integration take?

Most integrations are completed in days to a few weeks depending on complexity, focusing on identifying data touchpoints, wiring forms or portals to the secure gateway, and validating access flows.

LockerRX Architecture Overview

This document provides a high-level overview of the LockerRX architecture, designed to support secure, compliant handling of sensitive medical and personal data. It outlines how data protection, access control, and auditability are enforced independently of the application layer, helping organizations reduce regulatory risk and maintain compliance with frameworks such as HIPAA, PHIPA, and PIPEDA.

Download Full Architecture PDF

Background and Problem Statement

The handling of medical and other sensitive records is often impacted by legacy or generalized data storage practices that were not originally designed with modern regulatory requirements in mind. Many organizations rely on self-hosted content management systems, legacy web applications, or informal file repositories that may not fully address the security, auditability, and jurisdictional expectations outlined in regulations such as HIPAA, PHIPA, and PIPEDA.

These platforms frequently combine application logic and data storage, may lack consistent access controls, and can depend on storage mechanisms that are not optimized for regulated data. As a result, data exposure incidents can occur not only due to sophisticated attacks, but also due to limitations in how data is stored, accessed, and managed within these environments.

Self-hosted application platforms can introduce additional operational risk. Their security often depends on correct server configuration, consistent maintenance practices, and ongoing oversight—conditions that can be difficult to maintain over time. Update cycles may vary, third-party extensions can introduce additional complexity, and authentication controls may not always be applied consistently. While encryption is commonly used, its effectiveness depends on how it is implemented and managed. These factors can make it more difficult to maintain consistent auditability and demonstrate compliance during reviews or incident investigations.

At the core of this challenge is the assumption that the application hosting environment can be relied upon as a primary security boundary. In practice, many deployments operate in environments with varying security postures, including shared infrastructure, lightly managed systems, or internally hosted platforms with limited isolation. If these environments are compromised, sensitive records may be exposed despite intended safeguards, increasing organizational risk when handling regulated health or personal information.

To address these challenges, organizations may benefit from architectural approaches that reduce reliance on the application layer as a security boundary. In such models, data protection, authentication, auditing, and policy enforcement are designed to operate within a controlled environment that is separate from the user-facing interface. This paper examines the regulatory context driving this need and outlines high-level architectural principles intended to support compliant access to sensitive information while reducing dependence on the security posture of the application layer.

Regulatory Risks and Consequences of Improper Data Handling

Improper storage, processing, or exposure of regulated medical and personal data can carry significant legal, financial, and operational consequences. Regulatory frameworks such as HIPAA (United States), PHIPA (Ontario), and PIPEDA (Canada) impose strict obligations on how organizations collect, retain, transmit, and monitor access to sensitive information. These obligations generally apply regardless of the technology stack, hosting model, or application framework in use.

Failure to meet regulatory requirements through inadequate safeguards, insufficient access controls, or lack of reliable auditability can trigger mandatory breach notifications, regulatory investigations, f inancial penalties, and long-term operational restrictions. In many cases, organizations may also face civil liability, reputational harm, and loss of trust from patients, partners, and regulators.

The following sections summarize the key requirements and potential consequences associated with each regulatory framework, highlighting common risks faced by organizations responsible for handling regulated health or personal data.

HIPAA (United States)

HIPAA's Security Rule establishes national standards for the protection of electronic Protected Health Information (ePHI). Covered entities and their service providers are required to implement safeguards that support the confidentiality, integrity, and availability of regulated data, regardless of where or how supporting applications are deployed.

Key Security Requirements

Access Controls (45 CFR §164.312(a))
Organizations must implement mechanisms to uniquely identify users and restrict access to ePHI based on defined permissions. Access controls must be sufficiently robust to reduce the risk of unauthorized use or disclosure.
Audit Controls (45 CFR §164.312(b))
Systems handling ePHI must generate audit records that document access and activity involving protected data, enabling review, monitoring, and forensic analysis.
Integrity Controls (45 CFR §164.312(c))
Organizations must implement safeguards to protect ePHI from improper alteration or destruction and support the maintenance of data integrity throughout its lifecycle
Transmission Security (45 CFR §164.312(e))
ePHI must be safeguarded during transmission to reduce the risk of unauthorized access, interception, or modification.
Physical and Administrative Safeguards
Covered entities must maintain appropriate policies, procedures, and operational controls to reduce the risk of unauthorized physical or administrative access to systems handling ePHI.

Risks & Penalties

Failure to comply with HIPAA requirements may result in significant legal, financial, and operational consequences, depending on the severity and nature of the violation.

Civil Penalties
Regulatory fines may reach up to $50,000 per violation, with an annual maximum of $2.19M, based on the level of negligence involved.
Criminal Penalties
Willful misuse or unlawful disclosure of Protected Health Information (PHI) may result in criminal charges, including imprisonment of up to 10 years.
Mandatory Breach Notification
Organizations may be required to notify affected individuals, regulatory authorities, and, in certain cases, the media following a reportable breach.
Operational Consequences
Non-compliance can lead to corrective action plans, increased regulatory oversight, loss of contracts, and long-term reputational damage.

Non-compliance can lead to corrective action plans, increased regulatory oversight, loss of contracts, and long-term reputational damage.

PHIPA (Ontario, Canada)

The Personal Health Information Protection Act (PHIPA) establishes strict obligations for health information custodians (HICs) and their service providers when handling personal health information (PHI) in Ontario. The legislation emphasizes accountability, access control, and continuous oversight, with the goal of supporting the protection of PHI against unauthorized use or disclosure.

Key Security Requirements

Section 12(1): Reasonable Safeguards
Organizations must implement appropriate physical, administrative, and technical safeguards to protect PHI from unauthorized use, disclosure, copying, modification, or destruction.
Section 13: Agent Restrictions
Service providers and agents may only access or handle PHI as explicitly permitted and must not exceed the scope of their authorized role.
Section 17: Logging and Audit Requirements
Systems handling PHI must maintain records sufficient to support auditability and enable ongoing monitoring to support the detection and investigation of unauthorized activity.
Data Minimization and Access Control
Access to PHI must be limited to the minimum amount necessary for an individual to perform their authorized function.

Risks & Penalties

Non-compliance with PHIPA may result in substantial penalties and operational consequences, including:

Fines of up to $200,000 for individuals and up to $1,000,000 for organizations
Professional disciplinary action for regulated healthcare providers
Mandatory breach notification to affected individuals and the Information and Privacy Commissioner of Ontario
Public reporting, reputational harm, and loss of trust
Termination of contracts for service providers deemed non-compliant

PHIPA places a strong emphasis on auditability, least-privilege access, and accountability, requiring organizations to be able to demonstrate ongoing control over who may access PHI and under what conditions.

PIPEDA (Canada)

The Personal Information Protection and Electronic Documents Act (PIPEDA) governs the handling of personal information in commercial activities across Canada, outside of provinces with substantially similar legislation. Organizations subject to PIPEDA are required to protect personal information throughout its lifecycle and to apply safeguards appropriate to the sensitivity of the data involved.

Key Security Requirements

Technical Safeguards
Organizations must implement appropriate technical measures to protect personal information, including safeguards related to access control, authentication, confidentiality, and data integrity.
Administrative Safeguards
Policies, training programs, breach response procedures, and controlled access practices must be in place to support the consistent and responsible handling of personal information.
Physical Safeguards
Reasonable physical protections must be applied to facilities and systems that store or process personal information to reduce the risk of unauthorized access.
Principle 4.7.1: Safeguards
The level of protection applied to personal information must be proportionate to its sensitivity. Highly sensitive data, including medical information, requires a high degree of protection.
Mandatory Breach Reporting
Organizations are required to report any breach of security safeguards that pose a "real risk of significant harm" to affected individuals, and to maintain records of all breaches as prescribed by law.

Risks & Penalties

Failure to comply with PIPEDA may result in regulatory enforcement actions and legal exposure, including:

Administrative monetary penalties of up to $100,000 per violation
Civil liability, including lawsuits brought by affected individuals
Mandatory breach reporting and recordkeeping obligations
Investigations by the Office of the Privacy Commissioner of Canada
Orders requiring changes to business practices or data handling procedures

PIPEDA emphasizes proportional safeguards, accountability, and demonstrable control over access to personal information, requiring organizations to align their protection measures with the sensitivity and risk profile of the data they manage.

Risk Summary

Across HIPAA, PHIPA, and PIPEDA, enforcement actions and reported breaches are often associated with situations where safeguards are not aligned with the sensitivity of the data being handled. Recurring risk factors include:

Key Security Requirements

Use of systems or processes not designed for handling regulated or highly sensitive information
Weak or insufficient authentication controls that fail to adequately restrict unauthorized access
Excessive administrative access without appropriate oversight or accountability
Inadequate protection of data confidentiality or integrity
Lack of reliable, auditable records of data access and activity
Failure to comply with applicable data residency or jurisdictional requirements

Organizations that do not adequately address these risks may face regulatory penalties, civil liability, mandatory public breach disclosures, operational disruption, and long-term loss of trust among patients, partners, and regulators

Secure Your Sensitive Data with Confidence

Discover how LockerRX can help your organization protect regulated data, reduce compliance risk, and maintain full auditability across your systems.

Request a Demo

High-Level Architecture Principles

The architecture is guided by a set of foundational principles designed to support regulatory compliance, data protection, and operational resilience when handling sensitive medical and personal information. These principles focus on intended outcomes rather than implementation details, with the goal of reducing reliance on specific technologies or platforms used at the application layer.

Security Independent of the Application Layer
The architecture assumes that application interfaces and their hosting environments may be insecure or compromised. As a result, the protection of sensitive data is designed to operate independently of the application layer, helping reduce the risk that application-level weaknesses could expose regulated information.
Clear Separation of Trust Domains
Security responsibilities are intentionally divided between trusted and untrusted components. Sensitive operations, including access control, policy enforcement, and auditability, are confined to a controlled trust boundary, while application interfaces are treated as untrusted conduits for user interaction. This separation is intended to reduce the impact of application compromise and limit the potential scope of exposure.
Least-Privilege Access by Design
Access to sensitive data is restricted to the minimum necessary for authorized purposes. The architecture is designed to enforce least-privilege principles across interactions, helping ensure that users, systems, and administrative roles operate within their approved scope of access.
Strong Accountability and Auditability
Access to regulated data is designed to be attributable and auditable. The architecture emphasizes record-keeping and traceability to support monitoring, investigation, and compliance verification, helping organizations demonstrate accountability under applicable regulatory frameworks.
Data Protection Proportional to Sensitivity
Safeguards are applied in proportion to the sensitivity of the data being handled. Highly sensitive information, such as medical records, is subject to enhanced protections intended to support confidentiality, integrity, and availability throughout its lifecycle.
Jurisdictional and Regulatory Awareness
The architecture is designed with regulatory jurisdiction in mind, with the goal of aligning data handling practices with applicable geographic and legal requirements. This principle supports compliance with data residency and cross-border transfer obligations imposed by health and privacy legislation.
Resilience Through Design, Not Configuration
Compliance and security outcomes are supported through architectural design rather than reliance on application configuration or ongoing manual intervention. This approach helps reduce operational risk and is intended to maintain consistent safeguards as application platforms evolve or change.

Trust Boundary and Responsibility Model

The architecture is built around a clearly defined trust boundary that separates user-facing application components from the systems responsible for protecting sensitive data. This model is designed to support consistent enforcement of security and compliance controls, regardless of the technology, hosting environment, or framework used to deliver the application interface.

Untrusted Application Layer

User-facing applications, including web interfaces, content management systems, and other frontend platforms, are treated as untrusted by default. These components are responsible for presenting information to users and collecting input, but they are not relied upon as the primary mechanism for enforcing security, access control, or compliance requirements.

This approach reflects the practical realities of modern application environments, where third-party code, plugins, frequent updates, and shared infrastructure can introduce risk. By not treating the application layer as a security authority, the architecture is intended to reduce the potential impact of application-level vulnerabilities or misconfigurations.

Trusted Control Environment

Decisions related to access control, policy enforcement, and auditability are designed to occur within a controlled and trusted environment that operates independently of the application layer. This environment serves as the authoritative source for evaluating whether a requested operation is permitted and for applying protections to sensitive data in alignment with defined policies and regulatory expectations.

By centralizing enforcement within this trust boundary, the architecture is intended to reduce the likelihood that security controls could be bypassed, weakened, or altered due to changes in the application interface or its hosting platform.

Clear Separation of Responsibilities

Responsibilities are intentionally divided to reduce risk and simplify compliance:

The application layer is responsible for user interaction and presentation
The trusted control environment is responsible for enforcing access policies, protecting data, and maintaining auditability.

This separation is designed to reduce the risk that the application layer could act as a privileged intermediary and to limit the extent to which administrative access to the application may translate into access to regulated data.

Reduced Impact of Application Compromise

Because the application layer is not treated as a trusted security component, compromise of the frontend environment does not necessarily result in compromise of sensitive data. Security controls are designed to remain in effect even if the application layer is modified, misconfigured, or exploited, helping reduce the likelihood of unauthorized access.

Support for Regulatory Accountability

By clearly defining trust boundaries and responsibilities, the architecture supports regulatory expectations for accountability and control. Organizations are better positioned to demonstrate that sensitive data is managed within a controlled environment, independent of the application technologies used to access it.

Separation of Application and Data Security

Protecting sensitive medical and personal information requires a distinction between application security and data security. While application security focuses on safeguarding user interfaces and application logic, data security addresses the protection of the information itself. These concerns overlap but are not interchangeable, and regulatory compliance generally depends on treating them as distinct responsibilities.

Application Security Does Not Guarantee Data Security

Application security measures, such as input validation, role-based permissions, and patch management, are important, but they primarily protect the behavior of the application. They do not, by themselves, ensure that sensitive data remains protected if the application is misconfigured, compromised, or operating in an insecure environment.

Modern applications often rely on complex ecosystems of third-party code, extensions, and hosting services. Even well-maintained platforms may introduce risk through updates, configuration drift, or vulnerabilities outside an organization's direct control. When sensitive data protection depends primarily on the correctness or integrity of the application layer, a single failure may result in broader exposure.

Data Security Must Be Enforced Independently

Data security typically requires controls that are designed to remain effective across a range of application states and conditions. This includes enforcing access restrictions, protecting data integrity, and maintaining auditability in a manner that does not rely solely on application-level logic or configuration.

By enforcing data protection independently of the application layer, organizations can reduce the risk that application flaws, administrative errors, or platform compromises may lead to unauthorized access to regulated information.

Compliance Cannot Rely on Application Configuration

Regulatory frameworks such as HIPAA, PHIPA, and PIPEDA require organizations to demonstrate consistent, enforceable safeguards for sensitive data. These obligations are unlikely to be met solely through application configuration, which is inherently variable and difficult to audit over time.

Configuration-based controls, such as application permissions, plugin settings, or server-level access rules, are prone to change and may be bypassed unintentionally. Compliance generally requires safeguards that are durable, verifiable, and resistant to misconfiguration.

Reduced Operational and Compliance Risk

Separating application security from data security can simplify compliance by narrowing the scope of what must be trusted. Organizations may evolve, replace, or modify application platforms without significantly increasing data protection risk, provided the data security boundary remains intact.

This separation allows organizations to focus application security efforts on user experience and functionality, while supporting the consistent application of regulatory safeguards for sensitive data.

Access Control and Accountability Principles

Effective protection of sensitive medical and personal information depends on clear, enforceable access control and accountability practices. The architecture is guided by principles intended to support access that is intentional, limited, and traceable, aligning with both security objectives and regulatory requirements.

Least-Privilege Access

Access to sensitive data is restricted to the minimum level required to perform authorized functions. Individuals and systems are granted only the permissions necessary for their specific role, helping reduce the risk of accidental exposure, misuse, or overreach.

Least-privilege access limits the potential impact of compromised accounts or administrative errors by helping reduce the likelihood that any single user or system has broader access than required.

Verified Access Decisions

Access to regulated data is based on verified identity and authorization, rather than implicit trust in application roles or hosting environments. Each access request is evaluated against defined policies to help ensure that access aligns with approved actions.

By requiring verification at the point of access, the architecture helps reduce the risk of unauthorized use and supports consistent and enforceable access decisions over time.

Accountability and Traceability

Access to sensitive data is designed to be attributable to a specific individual or system. Accountability supports the ability to review, investigate, and validate actions, enabling both operational oversight and regulatory compliance.

Traceability allows organizations to demonstrate who accessed data, when access occurred, and whether the access was authorized, supporting both routine operations and incident response scenarios.

Separation of Administrative Authority

Administrative responsibilities are structured to reduce the risk of unchecked access to sensitive information. The architecture is designed so that administrative roles do not inherently grant unrestricted visibility into regulated data, and oversight mechanisms are intended to support appropriate boundaries.

This separation helps reduce the risk of internal misuse and supports compliance with regulatory expectations around role separation and accountability.

Support for Compliance and Governance

By applying least privilege, verified access, and accountability as foundational principles, the architecture supports governance, audit readiness, and regulatory compliance. These principles help support access control practices that are consistent, reviewable, and aligned with organizational policies and legal obligations.

Auditability and Compliance Readiness

Regulatory compliance requires more than preventative controls; it also requires the ability to demonstrate that those controls are functioning as intended. The architecture is designed to support auditability and compliance readiness by enabling the review, verification, and explanation of access to sensitive data in a manner aligned with regulatory expectations.

Auditable by Design

Access to regulated data is designed to be auditable. Systems are intended to support reconstruction of access history, review of authorized and unauthorized attempts, and validation that data handling practices align with documented policies.

Auditability is treated as a foundational requirement rather than an afterthought, supporting organizations in responding to internal reviews, external audits, and regulatory inquiries.

Tamper-Resistant Records

Audit records are protected against unauthorized modification or deletion. This tamper-resistant approach is intended to help maintain the reliability and trustworthiness of audit data, including in scenarios involving application-layer compromise or administrative error.

By preserving the integrity of audit records, organizations can use them to support compliance verification, incident investigation, and post-event analysis.

Regulator-Friendly Oversight

Audit information is structured to support clear interpretation by compliance teams, auditors, and regulators. Records are designed to provide sufficient context to understand what occurred, when it occurred, and whether the activity was authorized under applicable policies.

This clarity helps reduce friction during audits and supports timely, accurate responses to regulatory requests.

Support for Incident Response and Breach Assessment

Strong auditability supports organizations in assessing potential security incidents and determining whether regulatory reporting obligations may be triggered. By maintaining records of access and activity, organizations can better distinguish between attempted access, authorized use, and potential data exposure.

This capability supports informed decision-making during incident response and contributes to the accuracy and completeness of breach notifications.

Ongoing Compliance Readiness

Auditability and compliance readiness are intended to be maintained continuously, not just during formal reviews. The architecture supports ongoing oversight by enabling organizations to monitor access patterns, review compliance posture, and support demonstration of adherence to regulatory safeguards over time.

Ready to Strengthen Your Compliance Strategy?

Move beyond traditional application-based security and adopt a data-first protection model designed for modern regulatory environments.

Talk to Our Team

Data Residency and Jurisdictional Controls

Regulatory frameworks governing medical and personal information impose specific requirements on where data may be stored and processed. The architecture is designed with these jurisdictional obligations in mind, with the goal of supporting alignment with applicable geographic and legal requirements.

Residency Aligned With Regulatory Requirements

Sensitive data is handled in accordance with applicable data residency requirements, with storage and processing designed to occur within jurisdictions permitted by relevant health and privacy legislation.

This approach supports compliance with laws that restrict cross-border handling of regulated information and require demonstrable control over data location.

Controls Against Unauthorized Transfer

Safeguards are implemented to limit unauthorized movement, replication, or transfer of sensitive data outside approved jurisdictions. These controls are designed to operate independently of application-layer behavior, helping reduce the risk that misconfiguration or application compromise could result in unintended cross-border data exposure.

Support for Regulatory Transparency

Clear jurisdictional controls support organizations in understanding where regulated data resides and how it is managed. This transparency can assist with regulatory reviews, contractual obligations, and organizational governance by helping demonstrate alignment between data handling practices and applicable legal and policy requirements.

Reduced Cross-Border Compliance Risk

By applying jurisdictional boundaries at the architectural level, the system helps reduce the complexity and risk associated with cross-border data management. Organizations may adopt or modify application platforms with greater confidence that data residency considerations are being addressed at the architectural level.

Operational Responsibility and Shared Accountability

Effective protection of sensitive medical and personal information requires both architectural safeguards and responsible organizational practices. While the architecture is designed to support the enforcement of key security and compliance controls, organizations remain accountable for how data is used, governed, and managed within their operational context.

System-Enforced Responsibilities

The architecture is designed to support core safeguards that align with regulatory compliance and data protection, including:

Controlled access to sensitive data based on verified authorization
Application of least-privilege principles to limit unnecessary access
Protection of data integrity and confidentiality independent of the application layer
Maintenance of auditable records to support oversight, investigation, and compliance verification
Application of jurisdictional constraints aligned with regulatory requirements

These controls are designed to be applied consistently and to reduce dependence on correct application configuration or administrative discipline within the application layer.

Organizational Responsibilities

Organizations using the system retain responsibility for governance, policy, and appropriate use of data, including:

Defining who is authorized to access sensitive data and for what purposes
Supporting alignment of access with legal, contractual, and ethical obligations
Managing user onboarding, role assignment, and access review processes
Training personnel on data protection responsibilities and acceptable use
Responding to audit findings, incidents, and regulatory inquiries

The system provides a technical foundation to support compliance but does not replace the need for sound organizational policies and oversight.

Shared Accountability Model

Compliance is supported through a shared accountability model in which architectural safeguards and organizational governance work together. The system is designed to enforce defined security and compliance boundaries, while the organization maintains control over business rules, user intent, and operational decision-making.

This division of responsibility supports clearer accountability, reduces ambiguity during audits or investigations, and aligns with regulatory expectations that organizations remain responsible for the data they control, even when technical safeguards are provided by supporting systems.

Compliance Alignment

The architecture is designed to support the operational, technical, and administrative safeguards outlined in HIPAA (United States), PHIPA (Ontario), and PIPEDA (Canada). It is intended to do so by supporting access control, auditability, data integrity, and data residency practices in a manner that reduces reliance on the security posture of the application interface or hosting environment.

The following sections describe how the architecture is designed to align with key regulatory requirements at a control and outcome level.

HIPAA Compliance Alignment

HIPAA's Security Rule establishes standards for protecting electronic Protected Health Information (ePHI). The architecture is designed to support these standards through the following control objectives.

Access Control (45 CFR §164.312(a))
Access to ePHI is restricted to authenticated and authorized individuals. Controls are designed to help ensure that access aligns with defined permissions and to reduce the risk of unauthorized access by end users or administrative personnel.
Audit Controls (45 CFR §164.312(b))
Interactions with ePHI are designed to be recorded in centralized, tamper-resistant audit records. These records are intended to support monitoring, investigation, and compliance verification by providing a history of access and activity.
Integrity Controls (45 CFR §164.312(c))
Safeguards are implemented to protect ePHI from unauthorized alteration or destruction. Data integrity controls are designed to support traceability and detection of changes throughout the data lifecycle.
Person or Entity Authentication (45 CFR §164.312(d))
Access to ePHI requires verification of the requesting individual or system. Authentication controls are designed to support access decisions based on verified identity rather than solely on application-level credentials.
Transmission Security (45 CFR §164.312(e))
ePHI is protected during transmission using appropriate safeguards intended to reduce the risk of unauthorized interception, disclosure, or modification.
Physical and Administrative Safeguards
Physical protections and administrative controls are applied to systems handling ePHI, including controlled access to infrastructure, defined access policies, and ongoing oversight through audit review and access management procedures.

Result:

The architecture is designed to support HIPAA Security Rule requirements by enabling controlled, monitored, and auditable access to ePHI, and by supporting data confidentiality and integrity in a manner that reduces reliance on the security posture of the application layer.

PHIPA Compliance Alignment (Ontario)

The Personal Health Information Protection Act (PHIPA) establishes strict obligations for health information custodians (HICs) and their agents to protect personal health information (PHI) against unauthorized access, use, and disclosure. The architecture is designed to support these obligations through safeguards, accountability, and oversight mechanisms.

Reasonable Safeguards (PHIPA §12(1))
Appropriate physical, administrative, and technical safeguards are applied to protect PHI throughout its lifecycle. These safeguards are designed to help reduce the risk of unauthorized access or disclosure and to reduce reliance on the security posture of the application interface or hosting environment.
Agent Restrictions (PHIPA §13)
Access to PHI by service providers and agents is restricted to what is explicitly authorized. Application-layer components are designed so that they do not have direct access to PHI outside of permitted workflows, helping ensure that access is constrained by defined roles and responsibilities.
Logging and Monitoring (PHIPA §17)
Access to PHI is designed to be subject to auditability requirements. Centralized, tamper-resistant audit records are designed to be maintained to support ongoing monitoring, investigation of unauthorized access, and compliance verification. Audit mechanisms are intended to operate independently of the application layer.
Data Minimization and Least Privilege
Access to PHI is limited to the minimum necessary for authorized purposes. Controls are designed to help reduce excessive administrative access and to limit the likelihood that any individual or system exceeds its approved scope of access without appropriate authorization.
Secure Storage Requirements
PHI is stored using safeguards appropriate to its sensitivity, including protections intended to support confidentiality, integrity, and alignment with applicable jurisdictional requirements. Storage systems are designed so that they are not directly accessible by application-layer components or hosting providers.

Result:

The architecture is designed to support PHIPA's requirements for reasonable safeguards, access control, auditability, and role separation, supporting organizations in demonstrating alignment with Ontario's personal health information protection obligations.

PIPEDA Compliance Alignment (Canada)

PIPEDA's Schedule 1 establishes principles for safeguarding personal information in commercial activities across Canada. The architecture is designed to support these principles through a combination of technical, administrative, and physical safeguards that are proportional to the sensitivity of the data being handled.

Principle 4.7: Safeguards
Appropriate safeguards are designed to protect personal information against unauthorized access, disclosure, alteration, or loss. These safeguards are intended to operate independently of the application layer and to support consistent protection throughout the data lifecycle.
Technical Safeguards
Controls are designed to support the protection of the confidentiality and integrity of personal information and to restrict access to authorized individuals and systems.
Administrative Safeguards
Policies, procedures, and oversight mechanisms govern how personal information is accessed, managed, and reviewed, supporting accountability and consistent application of access restrictions.
Physical Safeguards
Physical protections are applied to the infrastructure supporting data storage and processing, consistent with recognized security and compliance standards. The level of protection applied corresponds to the sensitivity of the information, with heightened safeguards applied to medical and other highly sensitive data, as required by PIPEDA.
Mandatory Breach Reporting
Physical protections are applied to the infrastructure supporting data storage and processing, consistent with recognized security and compliance standards. The level of protection applied corresponds to the sensitivity of the information, with heightened safeguards applied to medical and other highly sensitive data, as required by PIPEDA.
Accountability and Limiting Access
Access to personal information is governed by defined authorization controls and accountability measures. Access is designed to align with authorized operations and is intended to limit extension beyond approved boundaries without appropriate validation and oversight.
Data Residency and Transfer Restrictions
Personal information is stored and processed in accordance with applicable jurisdictional requirements. Controls are designed to limit unauthorized cross-border storage or transfer of regulated data.

Result:

The architecture supports PIPEDA's requirements by applying proportional safeguards, supporting accountable access controls, and maintaining data residency practices aligned with personal information handled in commercial activities.

Cross-Regulatory Summary

Across HIPAA, PHIPA, and PIPEDA, regulatory compliance depends on an organization's ability to consistently control access to sensitive data, maintain auditability, and apply safeguards proportional to the sensitivity of the information being handled. The architecture is designed to support these shared requirements by:

Supporting access controls that align with verified and authorized individuals
Applying access control mechanisms that operate independently of application-layer credentials
Storing sensitive data within encrypted environments aligned with jurisdictional requirements
Supporting least-privilege access and separation of duties
Maintaining audit records designed to support monitoring and investigation
Reducing reliance on application-layer components as security authorities or privileged intermediaries

By aligning with these principles, the architecture is intended to support compliance as a function of system design, rather than relying solely on configuration or ongoing manual enforcement within the application layer.

This architecture provides a security-focused, regulation-aware approach to storing and accessing sensitive medical and personal data, including in environments where the application interface may operate with varying or uncertain security postures. By decoupling data protection and access enforcement from the application layer, the system helps reduce reliance on the security assumptions of frontend platforms and mitigates common sources of compliance risk.

Core safeguards, such as controlled access, auditability, data integrity, and jurisdictional protection, are designed to operate within a trusted execution environment that functions independently of the application interface. As a result, compromise of the frontend platform does not necessarily result in unauthorized access to regulated data or undermine compliance objectives.

Download Full Architecture PDF

Talk through your data exposure before it becomes a problem

If you're unsure where regulated records touch your systems, a short conversation can help. We'll walk through your environment and outline whether LockerRX makes sense or point you in a better direction if it doesn't.

info@edz.dev
support@edz.dev
Support:
226-271-8324
Office Hours:
Monday - Friday: 11:00 - 20:00 EST
On-call: 24/7/365

Learn more about e-dimensionz

Talk through your exposure.

We'll follow up within one business day to continue the conversation.

Share as much or as little detail as you like. Please do not include patient records, personal health information (PHI), or other sensitive data. We'll walk through those details securely if needed.