If your software vendor says 'hospital-grade security' without defining the term, you should ask them to. The phrase has been emptied out by marketing pages that mean nothing more than 'we have a password screen.'
At Rucja we define it as five concrete controls, every one of which we can demonstrate in a security review.
1. Encryption everywhere
Every byte of patient data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database snapshots, file storage, backup archives, all encrypted. Keys live in a managed KMS with rotation, never in code or environment variables.
2. Role-based access, scoped to patients
Every doctor, sub-user, and admin acts under a role with module-level read/write/delete permissions. Roles can be scoped to a subset of patients, so a sub-user only ever sees the records you assign them. Not 'global view minus restrictions', patient-scoped from the ground up.
3. Audit trail you can read
Every patient record access, edit, share, and report download is logged with user, timestamp, IP and action. Your hospital can export the full trail any time. We can produce on request.
4. Regional hosting
Patient data hosted in your region, multiple global regions available, with options for on-prem and VPC deployments at the Enterprise tier. Data residency is not a checkbox; it's a deployment architecture.
5. Zero-retention AI
When we run lab reports through an LLM, we use the zero-retention API, the provider does not store, train on, or learn from your patient data. That contract is on file and renewed annually.