Your patients' data is safe with OpdNest

Patient health records are among the most sensitive data in existence. OpdNest is built with security-first architecture — encryption, role-based access, daily backups, audit logs, and full compliance with India's DPDP Act and ABDM standards.

Security architecture

How we protect patient data

Encryption at rest and in transit

All patient data is encrypted using AES-256 at rest. Data in transit is protected by TLS 1.3. No patient record is ever transmitted or stored in plain text.

Data stored in India

Patient data is stored exclusively on servers physically located in India, compliant with the Digital Personal Data Protection (DPDP) Act 2023. We do not transfer health data outside India.

Role-based access control (RBAC)

Every staff member sees only what their role permits. Doctors see clinical records; billing staff sees invoices; receptionists see appointments. Admin controls permissions per user.

Daily automated backups

Patient data is backed up automatically every day. Backups are encrypted, stored redundantly, and retained for 30 days. Data recovery is available at any time.

Full audit trail

Every data access, modification, and deletion is logged with timestamp, user identity, and IP address. Audit logs are tamper-evident and retained for compliance.

Incident response

OpdNest has a documented incident response plan. Any suspected data breach is investigated within 72 hours and affected clinics are notified as required by the DPDP Act.

Regulatory compliance

Compliant with India's healthcare data regulations

OpdNest is designed for India's regulatory landscape — DPDP Act 2023, ABDM standards, and IT Act 2000.

Digital Personal Data Protection (DPDP) Act 2023

Compliant

OpdNest processes patient health data as a Data Processor on behalf of the clinic (Data Fiduciary). We comply with DPDP Act requirements including purpose limitation, storage limitation, and data subject rights (correction, erasure, nomination).

ABDM (Ayushman Bharat Digital Mission)

Compliant

OpdNest is built to ABDM standards. We support ABHA Health ID integration, ABDM consent lifecycle management (request, grant, revoke), and health record sharing with authorised providers — all with full patient control.

CGHS & PM-JAY Scheme Data Handling

Compliant

Scheme beneficiary data (CGHS, PM-JAY, Ayushman Bharat) is handled in accordance with government scheme data requirements. Beneficiary IDs, verification data, and claim information are stored securely and accessible only to authorised clinic staff.

IT Act 2000 (Section 43A — Sensitive Personal Data)

Compliant

Health information is classified as Sensitive Personal Data under Section 43A of the IT Act 2000. OpdNest implements reasonable security practices and procedures as required for handling sensitive patient health information.

Our commitments

What we promise about your data

Patient data is never sold to third parties
We do not use patient health data for advertising
Clinic data is yours — export it anytime as CSV/Excel
Data deletion is permanent and irreversible on request
Staff access is logged; anomalous access triggers alerts
New staff must be explicitly added by the clinic admin
Session tokens expire automatically after inactivity
All API endpoints are authenticated and rate-limited

Technical details

Security specifications

ComponentSpecification
Encryption at restAES-256
Encryption in transitTLS 1.3
Password hashingbcrypt with salt rounds ≥ 12
Session managementHTTP-only cookies, auto-expiry on inactivity
Data residencyIndia (Cloudflare India edge + Indian origin servers)
Backup frequencyDaily automated backups, 30-day retention
Audit log retentionMinimum 1 year, tamper-evident
API authenticationJWT + session cookie, rate-limited
Access controlRole-based (RBAC), per-clinic and per-user
Security headersHSTS, CSP, X-Frame-Options, Referrer-Policy

Security contact

Report a security concern

If you discover a security vulnerability in OpdNest, please report it responsibly to our security team. We investigate all reports within 72 hours and acknowledge reporters who help us improve.

support@opdnest.com

Subject: Security Report — OpdNest

Secure clinic software — starting at ₹399/month.

Patient data security doesn't have to be expensive. OpdNest brings enterprise-grade security practices to small and mid-size clinics in India.

Or call us: +91-78-0107-6600·Mon – Sat · 9:00 AM – 7:00 PM IST