Your patients' data is safe with OpdNest
Patient health records are among the most sensitive data in existence. OpdNest is built with security-first architecture — encryption, role-based access, daily backups, audit logs, and full compliance with India's DPDP Act and ABDM standards.
Security architecture
How we protect patient data
Encryption at rest and in transit
All patient data is encrypted using AES-256 at rest. Data in transit is protected by TLS 1.3. No patient record is ever transmitted or stored in plain text.
Data stored in India
Patient data is stored exclusively on servers physically located in India, compliant with the Digital Personal Data Protection (DPDP) Act 2023. We do not transfer health data outside India.
Role-based access control (RBAC)
Every staff member sees only what their role permits. Doctors see clinical records; billing staff sees invoices; receptionists see appointments. Admin controls permissions per user.
Daily automated backups
Patient data is backed up automatically every day. Backups are encrypted, stored redundantly, and retained for 30 days. Data recovery is available at any time.
Full audit trail
Every data access, modification, and deletion is logged with timestamp, user identity, and IP address. Audit logs are tamper-evident and retained for compliance.
Incident response
OpdNest has a documented incident response plan. Any suspected data breach is investigated within 72 hours and affected clinics are notified as required by the DPDP Act.
Regulatory compliance
Compliant with India's healthcare data regulations
OpdNest is designed for India's regulatory landscape — DPDP Act 2023, ABDM standards, and IT Act 2000.
Digital Personal Data Protection (DPDP) Act 2023
CompliantOpdNest processes patient health data as a Data Processor on behalf of the clinic (Data Fiduciary). We comply with DPDP Act requirements including purpose limitation, storage limitation, and data subject rights (correction, erasure, nomination).
ABDM (Ayushman Bharat Digital Mission)
CompliantOpdNest is built to ABDM standards. We support ABHA Health ID integration, ABDM consent lifecycle management (request, grant, revoke), and health record sharing with authorised providers — all with full patient control.
CGHS & PM-JAY Scheme Data Handling
CompliantScheme beneficiary data (CGHS, PM-JAY, Ayushman Bharat) is handled in accordance with government scheme data requirements. Beneficiary IDs, verification data, and claim information are stored securely and accessible only to authorised clinic staff.
IT Act 2000 (Section 43A — Sensitive Personal Data)
CompliantHealth information is classified as Sensitive Personal Data under Section 43A of the IT Act 2000. OpdNest implements reasonable security practices and procedures as required for handling sensitive patient health information.
Our commitments
What we promise about your data
Technical details
Security specifications
| Component | Specification |
|---|---|
| Encryption at rest | AES-256 |
| Encryption in transit | TLS 1.3 |
| Password hashing | bcrypt with salt rounds ≥ 12 |
| Session management | HTTP-only cookies, auto-expiry on inactivity |
| Data residency | India (Cloudflare India edge + Indian origin servers) |
| Backup frequency | Daily automated backups, 30-day retention |
| Audit log retention | Minimum 1 year, tamper-evident |
| API authentication | JWT + session cookie, rate-limited |
| Access control | Role-based (RBAC), per-clinic and per-user |
| Security headers | HSTS, CSP, X-Frame-Options, Referrer-Policy |
Security contact
Report a security concern
If you discover a security vulnerability in OpdNest, please report it responsibly to our security team. We investigate all reports within 72 hours and acknowledge reporters who help us improve.
support@opdnest.comSubject: Security Report — OpdNest
Secure clinic software — starting at ₹399/month.
Patient data security doesn't have to be expensive. OpdNest brings enterprise-grade security practices to small and mid-size clinics in India.