Security & Privacy
How HIVA protects healthcare data with enterprise-grade security, NDPR compliance, and privacy-first architecture.
HIVA is built from the ground up with healthcare data security as a core principle. We understand the sensitivity of health information and maintain the highest standards of data protection, aligned with Nigerian and international regulations.
Data Encryption
- AES-256 encryption for all data at rest
- TLS 1.3 for all data in transit
- End-to-end encryption for sensitive health records
- Encrypted database backups with automated key rotation
NDPR Compliance
- Full compliance with Nigeria Data Protection Regulation (NDPR) 2023
- Data Processing Impact Assessments (DPIA) conducted regularly
- Consent management and data subject rights enforcement
- Data Protection Officer (DPO) oversight and governance
- Lawful basis for processing documented for all data categories
Access Control
- Role-Based Access Control (RBAC) with granular permissions
- Multi-factor authentication (MFA) for admin accounts
- API key management with scope-limited tokens
- Session management with automatic timeout
- Audit logging for all administrative actions
Infrastructure Security
- SOC 2 Type II aligned infrastructure
- Automated vulnerability scanning and patching
- DDoS protection and rate limiting
- Network segmentation and firewall policies
- Regular penetration testing by third-party auditors
Data Handling & Privacy
- Minimal data collection — only what is necessary for service delivery
- Data anonymisation for analytics and reporting
- Clear data retention policies with automated deletion schedules
- No sale or sharing of health data with third parties
- Patient data isolation between tenants (multi-tenant architecture)
Compliance & Standards
- NHIA guidelines alignment for health data handling
- ISO 27001 information security management alignment
- Regular compliance audits and documentation
- Incident response plan with 24-hour notification window
- Data breach notification procedures per NDPR requirements