All notes

Why we keep patient data off your website entirely

The decoupled architecture that turns a breach into nothing to have.

Most web security advice is about building a stronger box. Patch the server, rotate the keys, add a firewall, watch the logs. All of it is reasonable, and for a healthcare site it is the wrong place to start.

We start somewhere blunter. We do not put patient data on the website at all.

Decoupled, in one paragraph

The site your patients see is a set of pre-built pages. Fast to serve, nothing to query, no database sitting behind them holding anything worth stealing. When a patient submits a form, it goes straight to a platform built and covered for exactly that, under a signed business associate agreement. Your web host never receives it. Your team reads the message inside that platform, where access is controlled and every view is logged.

What that actually changes

  • There is no submissions table on the host, so a compromised plugin has nothing to hand over.
  • There is no plain-text copy in an inbox, so a phished email password is not a patient-data incident.
  • There is no message content in backups, so an old snapshot cannot turn into a disclosure years later.
  • What remains exposed to the internet is a set of static pages, which hold nothing to take.

It also, not by coincidence, makes for a better website. Pages built this way are fast, they are stable, they are cheap to serve, and they give search engines and AI assistants clean structure to read. The architecture that protects the data is the same architecture that makes the site good. We did not have to trade one for the other, and neither should you.

You cannot leak what you never held. That is the whole idea. Everything else we do is downstream of it.

If you want to know what your current site is holding right now, the free liability audit will tell you in writing.

Start here

Find out if you’re exposed.

The free audit reads only what is publicly available: your live site, its forms, where a submission appears to go, and the third parties already riding along on the page. We never touch your systems, and all we need is your URL. You get your likely exposure in writing, at no cost.

Free · public information only · no access to your systems