Security & privacy

Patient data, handled the way Australian healthcare law expects

Nexshift for HMR is built around Australian hosting, access isolation and consent from the start, rather than having them added afterward.

  • Australian-hosted
  • Row-level security on every table
  • Built around the Privacy Act 1988
  • No third-party PDF services

How access is controlled

Every request passes through authentication, application logic and database-level checks. No single layer is relied on alone.

Step 1

Authentication

  • Sign-in via Google or email and password
  • Session managed and verified server-side

Step 2

Application logic

  • Every AI and data request is validated server-side
  • Identity confirmed before any action runs

Step 3

Row-level security

  • Every record is scoped to the pharmacist who created it
  • Cross-organisation access is not possible by design

Step 4

Documents & reports

  • Patient documents stored by reference, not public link
  • HMR and consent PDFs generated in your browser

Pharmacist (signs in) → Authentication (identity verified) → Application layer (request validated) → Row-level security (scoped to organisation) → Database (encrypted at rest)

Privacy & data handling

Designed around the obligations that come with handling Australian patient information.

Australian hosting

Application data is hosted in Australia. Patient information is not stored offshore.

Digital consent records

Patient consent, including method, representative and signature, is captured digitally and stored as a signed PDF record.

Client-side report generation

HMR and consent PDFs are generated in the browser. No patient report content is sent to a third-party PDF service.

Organisation data isolation

Every pharmacist sees only their own patients, referrals and reports. This is enforced at the database level, not just in the app.

Pharmacist stays in control

AI assists with drafting. The pharmacist reviews, edits and signs before anything is sent.

Signature required before completion

A report cannot be marked ready until the pharmacist has added their signature.

Reports lock once sent

Once a report is sent to the GP, the visit and report are locked from further edits automatically.

Questions about how we handle patient data?

We're happy to walk through our architecture in detail.
