Security & Trust at PawthosX

ClinicOS is built on a simple principle:

Written By Brendan Baker

Last updated About 3 hours ago

your clinic owns its data, your clinic controls its data, and your clinic decides how it flows.

Every layer of PawthosX — the MCP, the AI assistants, the App Store, the OpenAPI, and RosettaX migrations — is designed with privacy, safety, and operational integrity at the core.

This page explains how we protect your clinic, your clients, and your team.

1. Data Ownership & Control

You Own Your Data

We don’t sell it.
We don’t use it for anything outside powering ClinicOS for your clinic.

You Control Access

  • Every integration is permission-scoped

  • You see exactly what each connection can read/write

  • You can revoke access instantly

  • Transparency dashboards show what’s connected and why

Inspired by modern privacy frameworks, ClinicOS makes permissions visible, reversible, and auditable.

2. Encryption Everywhere

Data In Transit

Encrypted with TLS 1.2+ across all communications.

Data At Rest

Encrypted with AES-256 within our managed cloud stack.

RosettaX Migration Keys

Data you upload is encrypted automatically.
You hold the key, and nothing proceeds until your clinic authorizes mapping.
PawthosX Labs cannot decrypt your export without your explicit approval.

This structure ensures that your clinic remains the gatekeeper, even during migration.

3. MCP Safety & AI Governance

The Master Control Program (MCP) is the intelligence and safety layer that:

  • Enforces role-based permissions

  • Runs guardrails on every AI action

  • Validates clinical suggestions

  • Monitors integrations for misuse

  • Audits high-risk operations

  • Prevents cross-role or cross-clinic data leaks

No AI action bypasses MCP.
Nothing becomes “auto-binding.”
Every workflow respects Human-in-the-Loop review.

4. Role-Based Access Control (RBAC)

Every module in ClinicOS has granular permissions:

  • Atlas + Flowboard

  • ChronicleAI

  • DischargeAI

  • CarePlanAI

  • SupplyRoom

  • PulseCheck

  • Vault

  • App Store

  • OpenAPI

Roles define what a user can see, do, or modify.
Admins can customize access at any time.

All access changes are fully audit-logged.

5. Audit Logs & Traceability

ClinicOS tracks:

  • Who did what

  • When

  • From which device

  • What changed

  • Which workflows were triggered

  • Which integrations were involved

This ensures full traceability for clinical, operational, and legal requirements.

6. OpenAPI Security

OpenAPI endpoints are:

  • Token-gated

  • Scope-limited

  • Rate-limited

  • Audit-logged

  • MCP-validated

  • Revocable instantly

Integrations cannot exceed the permissions you explicitly grant.
Every call is checked for:

  • safety

  • compliance

  • correct scope

  • correct clinic ownership

If anything looks off, MCP automatically throttles or suspends the integration.

7. Migration Safety (RosettaX)

RosettaX — operated by PawthosX Labs — is built for safe migrations:

  • Self-service uploads

  • Automatic encryption

  • Clinic-held keys

  • Controlled decode authorization

  • Mapping transparency

  • Flagged data for admin review

  • Full import audit trail

Legacy PIMS exports are messy — RosettaX makes them safe.

8. Privacy-First AI

PawthosX AI modules (TriageAI, ChronicleAI, CarePlanAI, B.O.N.D., etc.) are designed with strict rules:

  • No AI model has free access to your entire database

  • AI sees only the context MCP approves for that session

  • No training on your clinic’s private data

  • No cross-clinic data blending

    • The VIP network requires clinics to Opt-in to 100% anonymous, not traceable data sharing in order to take advantage of this feature. More information to come. None of this would put PII, VCPR, or protected privacy information at risk.

  • All AI outputs require human review before committing

Intelligence supports your team.
It never overrides your clinical authority.

9. Infrastructure Security

ClinicOS runs on modern cloud infrastructure with:

  • Isolated tenant environments

  • Firewalling and access segmentation

  • Automated patching

  • Multi-region redundancy

  • Continuous monitoring

  • DDoS mitigation

  • Encrypted backups

We do the heavy engineering so your clinic gets the speed and reliability without the risk.

10. Commitment to Transparency

You get:

  • Clear permissions

  • Clear data flows

  • Clear audit logs

  • Clear integration visibility

  • Clear control over what you share

No dark corners.
No hidden pipelines.
No surprises.

Trust Is Earned Daily

Security isn’t a badge — it’s daily discipline.
Every part of the PawthosX ecosystem is designed to protect:

  • your data

  • your clinic

  • your clients

  • your team

  • your reputation

If your clinic ever has concerns or compliance requirements, we’ll meet them head-on.