Skip to main content

Data & Security

LAMISPlus is designed to protect patient data at every level of operation. This page describes the security commitments the platform makes to health facilities, administrators, and the patients whose records are held within it.

Facility data isolation

Each facility's patient records, clinical data, and configuration are completely isolated from every other facility on the platform. A staff member at one facility has no visibility into any other facility's data regardless of their role or access level.

This isolation is enforced by the platform itself, not by policy or administrator configuration. It cannot be overridden by user error or administrative action.

When a new facility joins the platform, its data environment is created automatically. No data from existing facilities is affected or accessible during this process.

Access control

Access to the platform requires verified credentials. Sessions are time-limited and expire automatically after a period of inactivity, ensuring that an unattended workstation does not remain an open entry point.

Every action a staff member performs is tied to their identity and their facility. The platform verifies both on every interaction. A session valid for one facility carries no access to any other facility's records.

Permission enforcement

Every staff member has a defined role that determines what they can view, create, and modify. These permissions are enforced consistently at every level of the platform, not only in what the interface shows.

A staff member cannot perform an action their role does not permit, regardless of how they access the system. Interface restrictions and underlying enforcement are consistent throughout. There is no gap between what a user sees and what the system allows.

System resilience

LAMISPlus is structured so that a problem in one clinical area does not affect the rest of the platform. A disruption to the laboratory workflow does not interrupt outpatient consultations or pharmacy operations. Each clinical area can be updated or maintained independently without affecting others.

This means facilities can continue delivering care in unaffected areas even during planned maintenance or an unexpected issue in one part of the system.

Audit trail

Every action that creates or modifies a patient record, clinical note, dispensing record, or user account is permanently logged. The log captures who performed the action, which facility they belong to, and when it occurred.

Audit records cannot be modified or deleted through normal platform operation. Facility staff and facility administrators can view logs relevant to their facility. Broader audit access is restricted to platform-level oversight roles only.

Data retention

Patient records and clinical data are retained by default for as long as the facility requires. Facilities can configure archiving policies for inactive records. Archived records remain searchable and can be retrieved at any time. No clinical record is permanently removed through normal platform use.

Encryption

All data in transit between users and the platform is encrypted. Data stored by the platform is encrypted at rest. These protections apply uniformly across all facilities and deployment environments.