Security Model
How JamEMR protects clinical data — role-based access control, registered API tokens, audit logging, TLS in transit, and local AI processing. A summary for administrators and developers.
The short version
JamEMR’s security model rests on five controls: role-based access control, registered API tokens, audit logging, TLS for data in transit, and local AI processing that keeps PHI inside the practice’s environment. This page summarizes each for a technical audience; the Trust Center covers our compliance posture in more depth.
Role-based access control (RBAC)
Every user has a role — clinical, front desk, administrative — and every action in the system is checked against it. A front-desk account can manage the schedule but cannot read clinical notes; access follows job function, not convenience. Roles are enforced at the API backend, so the same rules apply whether a request comes from the web application or an integration.
Registered API tokens
Programmatic access to JamEMR uses API tokens that must be explicitly registered before they work. Tokens are:
- Registered, not minted ad hoc — an unregistered token is rejected, full stop.
- Scoped — tied to a specific purpose and access level.
- Revocable — a token can be invalidated immediately without affecting others.
This gives administrators a complete, auditable inventory of everything with programmatic access to clinical data.
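A hypothetical token registry, added here as an illustration and not JamEMR's own code, showing how the three properties above combine with the audit log: the service keeps only a hash of each registered token, checks registration, revocation and scope in that order, and records every decision with who, what and when. The Registry class, the scope strings and the actor names are assumptions for the example.

```python
"""Illustrative token registry (not JamEMR code): registered, scoped, revocable
tokens whose every authorization decision is written to an audit log."""
import hashlib
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Registry:
    # fingerprint -> allowed scopes; the token itself is never stored at rest
    _scopes: dict = field(default_factory=dict)
    _revoked: set = field(default_factory=set)
    # audit entries: (timestamp, actor, action, decision)
    audit: list = field(default_factory=list)

    @staticmethod
    def _fingerprint(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def register(self, scope: frozenset) -> str:
        """Mint a token and place it in the inventory with its scope."""
        token = secrets.token_urlsafe(32)
        self._scopes[self._fingerprint(token)] = scope
        return token

    def revoke(self, token: str) -> None:
        """Invalidate one token immediately; other tokens are unaffected."""
        self._revoked.add(self._fingerprint(token))

    def authorize(self, token: str, action: str, actor: str) -> bool:
        """Decide one request and log the outcome whether allowed or denied."""
        fp = self._fingerprint(token)
        if fp not in self._scopes:
            decision = "denied:unregistered"   # never registered: rejected outright
        elif fp in self._revoked:
            decision = "denied:revoked"
        elif action not in self._scopes[fp]:
            decision = "denied:out_of_scope"   # registered, but not for this action
        else:
            decision = "allowed"
        self.audit.append(
            (datetime.now(timezone.utc).isoformat(), actor, action, decision)
        )
        return decision == "allowed"
```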
Audit logging
Actions against clinical data are recorded in the audit log: who acted, what they did, and when. This includes AI-assisted workflows — every ambient documentation draft, edit, and signature is logged, so the provenance of a note can always be reconstructed.
Encryption in transit
Connections to JamEMR are protected with TLS. Deployment configuration, including certificate management for the practice’s environment, is handled during guided deployment.
Local AI processing
AI inference on patient data runs on dedicated hardware inside the practice’s deployment environment. PHI is not sent to third-party consumer AI services for processing. This is an architectural commitment, not a configuration option — see Architecture.
Compliance posture, honestly
There is no such thing as “HIPAA certified” software; HIPAA compliance is a property of an organization and its practices. JamEMR is designed to support a covered entity’s compliance program — RBAC, audit logging, encryption in transit, and BAAs executed before any PHI is handled. Details, including our safeguards documentation, are in the Trust Center.
Reporting a security issue
If you believe you have found a security vulnerability, email security@jamemr.com. We ask for responsible disclosure and will respond promptly.