Security & HIPAA compliance isn't a feature. It's the foundation.

Lucido handles real patient data on treatment days, so security isn't a paid tier or a roadmap item — it's built in from the first line. The day a clinic is asked to prove a session happened, the record has to be there and has to be trustworthy. Here is exactly how your clinic's data is protected, in plain language you can hand to a medical director or an IT reviewer.

Infrastructure

Where the data lives

HIPAA-eligible AWS, under a signed BAA

The entire system runs on Amazon Web Services using HIPAA-eligible services, covered by a signed AWS Business Associate Addendum. AWS is our only infrastructure subprocessor.

Encrypted in transit and at rest

Every connection uses TLS. Everything stored — the database, its automated backups, and the audit log — is encrypted at rest on a customer-managed AWS KMS key. No unencrypted copy exists.

A database that isn't on the internet

The database runs in a private network with no public address. Only the application can reach it; nothing is exposed directly to the open internet.

An edge firewall and rate limiting

An AWS Web Application Firewall sits in front of the site with managed rule groups and a per-IP rate limit, and the application enforces its own rate limits and a per-clinic staff-PIN lockout.

Access

Who can get in

Two-factor authentication, enforced

Owner accounts use two-factor sign-in — an authenticator app or a texted code — and a clinic can require it for every owner. One-time recovery codes provide a safe way back in if a device is lost.

Sessions that don't linger

Owner sessions time out after fifteen minutes of inactivity and have a twelve-hour absolute cap, so an unattended reception screen doesn't stay open.
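As an added illustration, not Lucido's own code, here is how those two limits combine in a server-side session check. It assumes a session record that stores a created_at and a last_seen_at timestamp, and that activity refreshes the idle clock but never the absolute one:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Policy values as stated on this page.
IDLE_TIMEOUT = timedelta(minutes=15)
ABSOLUTE_CAP = timedelta(hours=12)


@dataclass
class OwnerSession:
    created_at: datetime   # set once at sign-in, never refreshed
    last_seen_at: datetime  # refreshed on every accepted request


def check_session(session: OwnerSession, now: datetime) -> str:
    """Return "ok", "idle_timeout" or "absolute_cap" for a request at `now`.

    The absolute cap is tested first, so a screen that is kept busy with
    constant activity still expires twelve hours after sign-in. Only an
    accepted request moves last_seen_at forward; a rejected one does not
    quietly extend the session.
    """
    if now - session.created_at >= ABSOLUTE_CAP:
        return "absolute_cap"
    if now - session.last_seen_at >= IDLE_TIMEOUT:
        return "idle_timeout"
    session.last_seen_at = now
    return "ok"


def simulate(minutes_after_signin: list[int]) -> list[str]:
    """Replay requests at the given offsets (minutes since sign-in)
    against one fresh session and return the verdict for each request.
    Constructed sample timeline; the sign-in instant is arbitrary."""
    signed_in = datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)
    session = OwnerSession(created_at=signed_in, last_seen_at=signed_in)
    return [
        check_session(session, signed_in + timedelta(minutes=m))
        for m in minutes_after_signin
    ]


if __name__ == "__main__":
    # A 16-minute gap between the second and third request trips the idle limit.
    print(simulate([10, 20, 36, 40]))
    # Requests every 10 minutes never go idle, but the 12-hour cap still ends it.
    print(simulate(list(range(10, 730, 10)))[-2:])
```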

Staff sign in without accounts

Clinicians use a daily clinic code and a personal PIN on their own phones — no shared passwords, and a lockout after repeated wrong PINs.

We can't quietly read your patients

Our platform tools see clinic-level numbers, not patient records. The one path into a clinic's detail requires a typed reason and is written to that clinic's own audit log — so any access by us is visible to you.

Data

What we keep, and what we don't

Only the minimum the form needs

Lucido captures the minimum protected health information the SPRAVATO® REMS workflow requires — nothing for marketing, nothing for analytics.

Nothing leaves the system

No third-party analytics, no advertising or attribution tools, no outside vendors touching patient data. Billing runs on Stripe with billing data only — never PHI.

Records that can't be quietly changed

Once a session is discharged it's locked. Every action that touches patient information lands in an append-only audit log that can't be edited or deleted — retained seven years and exportable by the clinic at any time.

Data that expires

Completed session records auto-delete on the clinic's configured schedule, after the filing window. Lucido is the day-of monitor, not a long-term record store — clinics keep their own records through exports.

Beyond HIPAA

Mental-health confidentiality

State laws that go further than HIPAA

Esketamine records are mental-health treatment records, and some states — such as the Illinois Mental Health and Developmental Disabilities Confidentiality Act (740 ILCS 110) — protect them more strictly than HIPAA. Our architecture is built for that: disclosure only to the clinic and to AWS, no third-party data egress, and redisclosure notices on the records the product generates.

Program

An operating program, not just a feature list

A written security program

We maintain a HIPAA security program in writing — a security risk analysis, incident-response and breach-notification procedures, and workforce policies — kept current as the product changes.

Audit controls that prove it happened

A multi-region CloudTrail records infrastructure activity to write-once storage with seven-year retention, alongside the application's own append-only audit log.

Backups you can recover from

Point-in-time database backups are encrypted and have been restore-tested, not just configured — a drilled recovery with a measured recovery time.

Monitoring & alerting

Error-rate, latency, and uptime alarms page the team automatically, so problems surface before a clinic has to report them.

Security researchers: our disclosure contact and policy live at /.well-known/security.txt. We're glad to walk a clinic's medical director or IT reviewer through the full posture in detail — and to sign a Business Associate Agreement before any real patient data is added.

See it on your own clinic.

Request access for a live walkthrough and demo with the people who built Lucido — set your clinic up yourself, or see what it costs.