Security

Your data, your AWS, your audit trail

CareMAR is designed so that the customer — not the vendor — owns the infrastructure storing medication records. This is a deliberate architectural decision that shapes every other security control.

Eight controls

  • Customer-owned AWS

    Your CareMAR instance runs in your AWS account. Data never leaves your infrastructure. Billing flows directly from your facility to AWS (~$50-80/month).

  • AES-256 at rest

    All medication records, audit logs, and resident data are encrypted at rest using AWS KMS-managed keys. Default encryption on every DynamoDB table and S3 bucket.

  • TLS 1.3 in transit

    Every request to and from CareMAR uses TLS 1.3. No support for older cipher suites. Certificates managed via AWS Certificate Manager.

  • Cognito MFA

    Every user account requires MFA. TOTP via authenticator apps is supported. SMS fallback is available for facilities without smartphone access. Session tokens are stored in sessionStorage only (not localStorage or cookies).

  • Append-only audit trail

    Every medication administration record is written once and never modified. The 2-hour edit window applies only to notes; the underlying medication entry is immutable. Surveyors get a complete chronological record.

  • Role-based access

    Three roles: facility_admin / nurse / cna. Each role has distinct permissions for viewing, recording, and editing. Schedule II medications require dual-witness sign-off.

  • Backups + retention

    Daily backups to S3 with 7-year retention by default. Customer can adjust retention policy in their own AWS account. Point-in-time recovery available for DynamoDB tables.

  • No third-party data sharing

    CareMAR does not sell, share, or aggregate resident data. We do not have access to your AWS account without explicit, time-bound role assumption for support.

What happens if CareMAR goes out of business?

Your software continues to run. Your data continues to be accessible. Your AWS account is yours, not ours. We provide an export tool that produces machine-readable CSV plus a surveyor-ready PDF for any time window — exportable from your own console.

The vendor-lock-in escape hatch is the architecture, not a policy. We can't hold your data hostage because we don't hold it.

Incident response

If a security incident occurs, CareMAR follows a 1-hour classification, 24-72 hour notification protocol per 45 CFR § 164.404. The facility is notified by the founder directly. A healthcare regulatory attorney is engaged on retainer to advise on breach notification scope, state-by-state.

More on HIPAA-specific obligations: HIPAA page.

Questions a security officer would ask

Email hello@caremar.us with subject "Security review." We respond with a detailed control matrix, our BAA template, and (if needed) a 15-minute architecture walkthrough.