Your Patient Data Is Safe With Us
Built from the ground up to protect the most sensitive health data in South African EMS and hospital environments.
Last updated: 8 April 2026
Encryption at rest: AES-256
Encryption in transit: TLS 1.2+
Multi-factor authentication: TOTP 2FA
Breach notification SLA: 72 hours
Why hospitals trust UCIP
UCIP was built specifically for South African healthcare. Every feature, every database field, every access control rule was designed with POPIA, HPCSA guidelines, and the National Health Act in mind.
We don't bolt security on after the fact. Patient data protection is foundational to the platform architecture. When your hospital connects to UCIP for inter-facility transfers, clinical handovers, or shared patient records, you can be confident that the data is handled with the care it deserves.
Data encryption — every layer, every field
We don't just encrypt the database. We apply field-level encryption to every piece of sensitive patient information, ensuring that even in the unlikely event of a database compromise, the data remains unreadable.
Patient identifiers
SA ID numbers, passport numbers, and medical aid details are encrypted with AES-256-GCM. Deterministic encryption enables lookups without exposing plaintext values.
Medical records
Allergies, medications, chronic conditions, and ISBAR clinical handover data are encrypted at the field level. Only authorised clinicians with valid sessions can decrypt.
Digital signatures
Clinician and patient signatures captured on the platform are encrypted at rest, ensuring non-repudiation while protecting biometric data.
Authentication secrets
Passwords are hashed with bcrypt. Two-factor authentication secrets and API keys are stored with application-level encryption, never in plaintext.
Access control — who sees what
Every data request passes through multiple layers of access control. We enforce the principle of least privilege at every level.
Organisation isolation
Multi-tenancy is enforced at the query level, not just the UI. Every database query is automatically scoped to the user's organisation. One hospital can never see another's data, even if they share the same platform.
Role-based access
Three distinct roles — admin, clinician, and paramedic — each with precisely defined permissions. Admins manage the organisation, clinicians access full clinical records, and paramedics see only what they need for active transfers.
Mandatory 2FA
Two-factor authentication is mandatory for admin and clinician roles. This ensures that even compromised credentials cannot provide access to sensitive clinical data.
Short-lived sessions
JWT access tokens expire after 15 minutes. Refresh tokens last 30 days but can be revoked instantly. The mobile app enforces PIN lockout after three failed attempts.
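Query-level organisation scoping, as described under "Organisation isolation" above, shown as an added example (not UCIP's code). The `patients` table, its columns and the `OrgScopedPatients` class are hypothetical; the point is that the organisation predicate is bound inside every statement, so a valid record id from another organisation behaves like an id that does not exist.

```python
import sqlite3


class OrgScopedPatients:
    """Repository bound to one organisation; callers cannot pass or override org_id."""

    def __init__(self, conn: sqlite3.Connection, org_id: int):
        self._conn = conn
        self._org_id = org_id  # taken from the authenticated session, never from request input

    def get(self, patient_id: int):
        # Reads carry the org predicate, so a foreign id returns None.
        return self._conn.execute(
            "SELECT id, name FROM patients WHERE id = ? AND org_id = ?",
            (patient_id, self._org_id),
        ).fetchone()

    def list_all(self):
        return self._conn.execute(
            "SELECT id, name FROM patients WHERE org_id = ? ORDER BY id",
            (self._org_id,),
        ).fetchall()

    def rename(self, patient_id: int, name: str) -> bool:
        # Writes carry the same predicate as reads.
        cur = self._conn.execute(
            "UPDATE patients SET name = ? WHERE id = ? AND org_id = ?",
            (name, patient_id, self._org_id),
        )
        return cur.rowcount == 1  # False: nothing in this organisation matched


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory data: two organisations sharing one table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE patients (id INTEGER PRIMARY KEY, org_id INTEGER NOT NULL, name TEXT)"
    )
    conn.executemany(
        "INSERT INTO patients (id, org_id, name) VALUES (?, ?, ?)",
        [(1, 10, "Patient A1"), (2, 10, "Patient A2"), (3, 20, "Patient B1")],
    )
    return conn
```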
Complete audit trail
Every access to patient data creates an immutable audit log entry. These records cannot be edited or deleted, even by system administrators.
What we log
Audit logs are available for regulatory inspection at any time. Your hospital's compliance team can request a full audit report for any patient or time period.
Automated data retention
UCIP enforces legally compliant data retention periods automatically. You don't need to remember — the system handles it.
Retention periods
Adult patient records are retained for 6 years after the last interaction. Minor patient records are retained until the patient turns 21, in accordance with HPCSA guidelines and the National Health Act.
Anonymisation, not deletion
When the retention period expires, personal information is replaced with REDACTED. The clinical record structure is preserved for statistical and research purposes, but all identifying information is permanently removed.
Daily automated job
The data retention job runs daily. It cannot be bypassed, overridden, or disabled by any user, including administrators.
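The retention rules above, worked through as an added example (not UCIP's code): the expiry date is computed from the two stated periods, then identifying values are replaced with REDACTED while the clinical fields stay in place. The field names, the `anonymised` marker and the reading of "minor" as under 18 at the last interaction are assumptions.

```python
from datetime import date

ADULT_RETENTION_YEARS = 6    # stated on the page
MINOR_RETAIN_UNTIL_AGE = 21  # stated on the page
AGE_OF_MAJORITY = 18         # assumption: "minor" = under 18 at last interaction
# Hypothetical field names; the page does not publish UCIP's schema.
IDENTIFYING_FIELDS = ("full_name", "sa_id_number", "date_of_birth")

def add_years(d: date, years: int) -> date:
    """Shift by whole years; 29 Feb becomes 28 Feb in a non-leap year."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)

def retention_expiry(date_of_birth: date, last_interaction: date) -> date:
    """Date from which the record is due for anonymisation."""
    if last_interaction < add_years(date_of_birth, AGE_OF_MAJORITY):
        return add_years(date_of_birth, MINOR_RETAIN_UNTIL_AGE)
    return add_years(last_interaction, ADULT_RETENTION_YEARS)

def anonymise(record: dict) -> dict:
    """Replace identifying values with REDACTED; keep keys and clinical fields."""
    out = {k: ("REDACTED" if k in IDENTIFYING_FIELDS else v) for k, v in record.items()}
    out["anonymised"] = True  # hypothetical marker so later runs skip the record
    return out

def run_retention_job(records: list, today: date) -> list:
    """One daily pass over all records; safe to run repeatedly."""
    result = []
    for rec in records:
        # Check the marker first: an anonymised record has no date of birth left.
        if not rec.get("anonymised") and today >= retention_expiry(
                rec["date_of_birth"], rec["last_interaction"]):
            rec = anonymise(rec)
        result.append(rec)
    return result

# Constructed sample records, not real patient data.
SAMPLE = [
    {"full_name": "Adult Example", "sa_id_number": "0000000000000", "allergies": ["penicillin"],
     "date_of_birth": date(1980, 5, 1), "last_interaction": date(2019, 3, 10)},
    {"full_name": "Minor Example", "sa_id_number": "1111111111111", "allergies": [],
     "date_of_birth": date(2008, 2, 29), "last_interaction": date(2020, 6, 1)},
]
```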
Breach detection and notification
If a security incident occurs, our system ensures that all legally required notifications happen within the prescribed timeframes.
SecurityIncident tracking
Every potential breach is logged as a SecurityIncident with severity classification, affected data categories, and estimated impact. A 72-hour countdown begins automatically.
Automatic admin alerts
Organisation administrators are notified immediately when an incident is created. No manual intervention is required to begin the response process.
Regulator notification
Pre-built email templates conforming to POPIA Section 22(3) requirements enable rapid notification to the Information Regulator. Data subject notification templates are also available.
Consent tracking
UCIP tracks three types of patient consent, each managed independently and revocable at any time.
Every consent record is timestamped, attributed to the person who captured it, and can be revoked. The API returns consent status on every patient record, so your systems always know the current state.
Data subject rights
Patients and their representatives can exercise their POPIA rights through our formal Data Subject Access Request (DSAR) process.
Structured DSAR process
Requests are submitted via a public form, verified against the requester's SA ID number, and tracked with a unique reference number. We respond within the 30-day SLA prescribed by POPIA. Every request is logged for audit purposes.
Secure session sharing with hospitals
When EMS providers share patient transfer data with receiving hospitals, the sharing mechanism itself is secured.
Cryptographic access tokens
Shared sessions use cryptographically random tokens with configurable expiry periods. Access is logged with timestamps and IP addresses. Role-based collaborator access ensures hospital staff see only what is relevant to the handover.
No sensitive data in emails
Notification emails contain only a link to the secure platform. Patient names, ID numbers, and clinical data are never included in email bodies or subject lines.
No sensitive data in logs
Application logs are essential for debugging and monitoring, but they must never contain patient data. UCIP filters all PII from logs automatically.
Filtered fields
Web security headers
Every response from UCIP includes security headers that protect against common web attacks.
Content-Security-Policy
Prevents XSS and code injection attacks
X-Frame-Options
Blocks clickjacking by preventing iframe embedding
X-Content-Type-Options
Prevents MIME type sniffing attacks
Referrer-Policy
Controls what information is sent in the Referer header
Permissions-Policy
Restricts browser features like camera, microphone, and geolocation
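A check for the five headers listed above, as an added example (not UCIP's code or tooling): it parses a raw response head and reports headers that are missing or set to values that defeat their purpose. Both sample responses are constructed, and the specific value checks are this example's own choices.

```python
EXPECTED = ("content-security-policy", "x-frame-options", "x-content-type-options",
            "referrer-policy", "permissions-policy")

def parse_headers(raw: str) -> dict:
    """Parse a raw HTTP response head into {lower-cased name: value}."""
    headers = {}
    for line in raw.split("\r\n")[1:]:  # skip the status line
        if not line:                    # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def script_sources(csp: str) -> list:
    """Sources governing scripts: script-src if present, else default-src."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives.get("script-src", directives.get("default-src", []))

def audit_headers(headers: dict) -> list:
    """Return findings; an empty list means all five headers are present and sane."""
    findings = [f"missing {h}" for h in EXPECTED if h not in headers]
    sources = script_sources(headers.get("content-security-policy", ""))
    # Browsers ignore 'unsafe-inline' when the same directive carries a nonce or hash.
    pinned = any(s.startswith(("'nonce-", "'sha")) for s in sources)
    if "'unsafe-inline'" in sources and not pinned:
        findings.append("csp allows 'unsafe-inline' scripts")
    if headers.get("x-frame-options", "DENY").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("x-frame-options is not DENY or SAMEORIGIN")
    if headers.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("x-content-type-options is not nosniff")
    if headers.get("referrer-policy", "").lower() == "unsafe-url":
        findings.append("referrer-policy unsafe-url sends full URLs cross-origin")
    return findings

# Constructed responses, not captured from UCIP.
GOOD = ("HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'\r\n"
        "X-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\n"
        "Referrer-Policy: strict-origin-when-cross-origin\r\n"
        "Permissions-Policy: camera=(), microphone=(), geolocation=()\r\n\r\n")
WEAK = ("HTTP/1.1 200 OK\r\ncontent-security-policy: default-src 'self'; "
        "script-src 'self' 'unsafe-inline'\r\nX-Frame-Options: ALLOWALL\r\n"
        "Referrer-Policy: unsafe-url\r\n\r\n")
```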
South African regulatory compliance
UCIP is built to comply with every relevant South African regulation governing healthcare data.
POPIA — Protection of Personal Information Act
Full compliance with all 8 conditions of lawful processing. Special personal information (health data) is handled under the exemptions in Sections 26 to 34. View our full POPIA compliance page.
PAIA — Promotion of Access to Information Act
Our Section 51 manual is publicly available and describes the categories of records held, how to request access, and the applicable fees. View our PAIA manual.
HPCSA Guidelines
Record retention periods, clinical documentation standards, and practitioner confidentiality obligations are built into the platform's workflows and automated processes.
National Health Act
Patient confidentiality requirements under the National Health Act are enforced through access control, encryption, and audit logging at every layer of the platform.
Ready to see it in action?
We'd love to walk your IT and compliance team through our security architecture.