Regulatory Compliance and Data Security
Our commitment to data security is absolute. Learn about the legal framework, certifications, and technical standards that guarantee the privacy of clinical information across the entire Amphora Health platform.
1. Our Compliance Pillars
Security is built into our architecture from the outset (Security by Design), giving our clients peace of mind.
Personal Data Protection
Strict alignment with Mexican regulations (LFPDPPP) and international standards (GDPR) for the collection, use, and storage of sensitive information.
Infrastructure Security
We use Cloud platforms (AWS, GCP) with clinical-grade security certifications, geographical data replication, and encryption at rest and in transit (AES-256).
Traceability and Auditing
All access and modifications to clinical records and sensitive data are logged in immutable records to ensure complete traceability and compliance with external audits.
2. Key Standards and Regulations
The Amphora Health platform is designed under the following compliance frameworks:
HIPAA (USA)
Although we primarily operate in Latin America, our architecture follows US health data privacy and security guidelines.
GDPR (European Union)
Compliance with principles of privacy by design, the right to be forgotten, and data portability, applying global best practices.
LFPDPPP (Mexico)
Full compliance with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and its regulations.
ISO 27001 (Framework)
Our Information Security Management System (ISMS) framework follows ISO 27000 family guidelines for continuous improvement and risk mitigation.
3. Technical Security in Architecture
Details of the measures implemented in the Stack for active data protection.
- Total Encryption
All data is encrypted in transit (TLS/SSL) to and from our PostgreSQL databases and Cloud environments.
- Immutable Backups
Daily and weekly backups with immutable versions stored in separate geographical locations (Multi-Cloud).
- Reinforced Authentication
Use of multi-factor authentication (MFA), role-based access control (RBAC), and activity logs to prevent unauthorized access.