Medical Data Security
Medical data is among the most sensitive categories of personal information. Health Vault is designed with Russian legal requirements and information security best practices in mind.
Federal Law 152-FZ Compliance
The platform operator is ALVITA LLC, a registered personal data operator (RKN #9936531). Medical data processing complies with Federal Law No. 152-FZ on Personal Data:
- data stored on servers within the Russian Federation;
- users provide explicit consent during registration;
- data subject rights implemented: access, correction, deletion;
- personal data processing operations are logged.
Encryption
| Layer | Technology |
|---|---|
| Data in transit | TLS 1.3 — all client-server connections encrypted |
| Data at rest | AES-256 — encrypted storage on servers |
| Backups | Encrypted backups with integrity verification |
Even with physical access to server hardware, data remains encrypted without access keys.
Access Control (RBAC)
Health Vault uses Role-Based Access Control:
- Users see only their data and family members added to their profile;
- Clinicians access data only via temporary secure links created by the user;
- Administrators have minimally necessary access for technical support;
- all data actions are logged for audit.
AI and Privacy
When processing documents with AI models:
- data is not shared with third parties for model training;
- processing occurs within the platform's secure environment;
- extracted facts are stored separately from source documents with the same protection level.
Accreditation and Registrations
- IT company accredited by the Russian Ministry of Digital Development
- Listed in the Russian Software Registry #32462
- Software and database registered with ROSPATENT
User Recommendations
- Use a strong password and two-factor authentication (when available).
- Do not share clinician access links through unsecured channels.
- Regularly review devices with active sessions.
- If your account is compromised, change your password immediately and contact support.