Security and regulatory compliance

Healthcare data privacy is our top priority. Secure infrastructure, GDPR-compliant, and purpose-built for European healthcare.

Zero Knowledge

Not even we can see your data

TAMIA uses a zero-knowledge architecture: your patients' clinical data is encrypted client-side before it leaves your device. Encryption keys are automatically generated and stored in your environment — never on our servers.

This means that even in the event of a security breach in our infrastructure, your patient data remains completely inaccessible and unreadable.

AES-256 at rest · TLS 1.3 in transit · Client-side encryption
✓ Data encrypted at source
✓ Keys outside Tamia
✓ Vendor has no access
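To make the zero-knowledge claim above concrete, here is an added example (not TAMIA's code, and not a description of their implementation) of the pattern it describes: the client generates its own AES-256 key, encrypts a record before it leaves the device, and the hosting side stores only a nonce and ciphertext. The page names AES-256 but not a mode; this example assumes AES-256-GCM, and binding the record identifier in as additional authenticated data is also an assumption, chosen so that a stored ciphertext moved to a different record fails to decrypt. The names `Envelope`, `NewLocalKey`, `EncryptRecord`, `DecryptRecord` and `StoredBlobLeaksPlaintext` are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope is the only thing the hosting side ever stores: a random nonce and
// the AES-GCM ciphertext (which carries its own authentication tag). No key.
type Envelope struct {
	Nonce      []byte
	Ciphertext []byte
}

// NewLocalKey generates a 256-bit key in the customer's environment.
// In a real deployment it lives in the customer's key store, never on the server.
func NewLocalKey() ([]byte, error) {
	key := make([]byte, 32) // 32 bytes = AES-256
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptRecord runs on the client before anything leaves the device.
// recordID is bound in as additional authenticated data (an assumption of this
// example): it is not encrypted, but a ciphertext re-attached to a different
// record ID will fail to decrypt.
func EncryptRecord(key, plaintext, recordID []byte) (Envelope, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, recordID)}, nil
}

// DecryptRecord also runs on the client; it needs the local key and the same
// recordID. A wrong key or wrong recordID yields an error, never garbage plaintext.
func DecryptRecord(key []byte, env Envelope, recordID []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("malformed envelope: bad nonce length")
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, recordID)
}

// StoredBlobLeaksPlaintext is the hosting side's view: all it can do is inspect
// the bytes it holds. It reports whether the plaintext appears in them verbatim.
func StoredBlobLeaksPlaintext(env Envelope, plaintext []byte) bool {
	return bytes.Contains(env.Ciphertext, plaintext) || bytes.Contains(env.Nonce, plaintext)
}

func main() {
	key, err := NewLocalKey()
	if err != nil {
		panic(err)
	}
	note := []byte("Clinical note: follow-up in two weeks") // constructed sample record
	recordID := []byte("EHR#4821")                          // constructed ID

	env, err := EncryptRecord(key, note, recordID)
	if err != nil {
		panic(err)
	}
	fmt.Printf("server stores %d bytes; plaintext visible to server: %v\n",
		len(env.Ciphertext), StoredBlobLeaksPlaintext(env, note))

	back, err := DecryptRecord(key, env, recordID)
	fmt.Printf("client with local key decrypts: %q (err=%v)\n", back, err)

	// Breach scenario from the text: whoever holds only the stored blob
	// and not the customer's key gets an authentication error, not data.
	otherKey, _ := NewLocalKey()
	_, err = DecryptRecord(otherKey, env, recordID)
	fmt.Printf("decrypt without the customer's key -> err=%v\n", err)
}
```

The property worth checking in a review of any "client-side encryption" product is exactly what this models: the key is created and kept on the customer side, the stored object contains no plaintext, and decryption with the wrong key or the wrong record context fails closed rather than returning corrupted but plausible data.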

Security features

Technical and organizational measures to protect your patients' data.

Zero-knowledge architecture

Clinical data is encrypted client-side before it leaves your device. Tamia never has access to your patient data — not even we can read it.

End-to-end encryption

AES-256 at rest, TLS 1.3 in transit. Encryption keys are automatically generated and stored in your environment, never on our servers.

EU cloud hosting

All data is hosted on servers located in the EU. No international data transfers.

GDPR compliance

Designed and operated in compliance with the General Data Protection Regulation (GDPR).

Data Processing Agreement (DPA)

Data Processing Agreement available to all customers as required by GDPR.

Multi-factor authentication (MFA)

Two-factor authentication to protect user access.

Single Sign-On (SSO)

Integration with corporate identity providers via SAML 2.0 and OAuth 2.0.

Role-based access control (RBAC)

Granular permissions per user, professional role, and system module.

Full audit trails

Detailed logging of all actions: access, queries, modifications, and deletions.

Automatic backups

Daily backups with 30-day retention. Guaranteed disaster recovery.

Data export

Full export mechanisms in industry-standard formats: CSV, HL7, FHIR.

GDPR

Full GDPR compliance

TAMIA Health Systems is designed from the ground up to comply with the European Union's General Data Protection Regulation.

  • Data hosted exclusively in the EU
  • Right to erasure and data portability
  • Explicit, documented consent
  • Security breach notification
  • DPA (Data Processing Agreement) included

Access control

Advanced permission management

Granular control over who can access what information. Configurable permissions by role, specialty, and site.

  • Predefined roles (physician, nursing, administration)
  • Customizable permissions per module
  • Data segregation per site (multi-site)
  • Optional multi-factor authentication

Audit

Complete activity logging

All actions are logged to meet audit and traceability requirements mandated by healthcare regulations.

  • Record access logging
  • Data modification traceability
  • Change history with date, time, and user
  • Log export for external audits

TAMIA Audit Log (sample)

  Time      Action   Detail
  11:42:18  LOGIN    Dr. García — MFA verified
  11:43:05  VIEW     EHR #4821 — Patient: M.R.L.
  11:44:12  EDIT     EHR #4821 — Clinical note updated
  11:45:30  VIEW     PACS — Chest X-ray study #1847
  11:47:01  PRINT    Radiology report #1847
  11:48:55  RX       E-prescription — 2 medications
  11:52:10  EXPORT   Monthly log — CSV downloaded
  11:53:44  LOGOUT   Dr. García — Session closed

Standards and regulations

Compliance with international security and interoperability standards.

GDPR / RGPD

European Union General Data Protection Regulation

ISO 27001

Designed in alignment with the international information security management standard (aligned, not certified)

HL7 / FHIR

Healthcare interoperability standards

Questions about security or GDPR?

Our security and compliance team can address all your questions and provide additional documentation.