Compliance-ready architecture for healthcare imaging
Compliance challenges in clinical imaging
Personal devices, third-party hosting, and insufficient logging create regulatory exposure
Personal devices create compliance exposure
Clinical photographs stored on personal phones or consumer cloud applications fall outside organizational security controls, creating gaps in data governance and audit trails.
Third-party hosting distributes compliance obligations
When patient data resides on external cloud infrastructure, compliance responsibilities become shared between the practice and the hosting provider, increasing complexity.
Insufficient logging undermines audit readiness
General-purpose tools rarely provide the level of access and modification tracking required for healthcare compliance audits and regulatory documentation.
Security infrastructure
Layered protections designed to support healthcare regulatory requirements
Compliance tools in the interface
See how audit logging, data retention, and activity tracking are configured in Dermi Atlas
Audit logging configuration
Configure logging levels from essential authentication events to comprehensive system interaction tracking.
Data retention policy
Set retention periods for deleted records and associated audit logs before permanent removal.
Activity log tracking
Track user actions with timestamped entries categorized by type for auditing, compliance, and operational visibility.
See how compliance features work in practice
Explore the full Dermi Atlas platform to see audit logging, encryption, and data retention controls in action.
Compliance capabilities in detail
Encryption and access control
All network traffic within your Atlas deployment is encrypted using TLS. User accounts support two-factor authentication, session management, and single-use verification links for account operations.
Security as a foundation, not an afterthought
Every architectural decision in Dermi Atlas prioritizes patient privacy, data security, and regulatory alignment
Common questions about compliance
How Dermi Atlas architecture supports HIPAA and PIPEDA requirements
Self-hosted deployment places the entire data handling pipeline within your organizational boundary. Patient data never traverses external infrastructure, audit logging tracks all access and modifications, TLS encryption secures network traffic, and configurable retention policies support your compliance obligations.
The self-hosted architecture supports PIPEDA requirements by keeping personal health information under the direct control of the collecting organization. Data residency, access logging, consent management, and data portability features align with PIPEDA principles for handling personal information.
Two logging levels are configurable through Atlas Manager. Essential logging tracks authentication events such as logins and session activity. Comprehensive logging captures all user interactions including data access, modifications, exports, and consent actions, with user, timestamp, and device information.
Atlas supports three configurable deletion policies. Recoverable mode retains deleted data for a defined period before permanent removal. Standard mode removes data after a retention period. Permanent mode deletes immediately. All deletion actions require explicit confirmation and are logged.
Dermi Atlas provides compliance-ready architecture designed to support practices in meeting HIPAA and PIPEDA requirements. The self-hosted model means the practice maintains direct control over compliance implementation. Users are responsible for ensuring their deployment meets all applicable regulatory requirements for their jurisdiction.
Need compliance guidance?
Review our security documentation or contact our team for questions about compliance capabilities.
Explore compliance-ready clinical imaging
Learn how Dermi Atlas combines self-hosted deployment, encryption, audit logging, and data retention tools to support healthcare compliance.
Resources and further reading
Compliance guides and security documentation for healthcare practices
Try Dermi Atlas Today
Start with Dermi Atlas Cloud for free, or deploy Dermi Atlas Professional on your infrastructure with a 30-day trial.
Dermi Atlas Cloud Demo
No time limit
Explore Dermi Atlas features instantly in your browser with our hosted demo environment. Free forever, no commitment required.
Dermi Atlas Professional
per license · First 30 days free
Deploy on your own infrastructure with complete feature access, real patient data support, and dedicated technical support.
Need help choosing?
Learn more about Atlas Professional features, explore Atlas Manager for deployment and infrastructure management, or speak with our team about your practice needs.
Purpose-built for dermatology and aesthetic practices · HIPAA & PIPEDA compliant architecture · Complete data sovereignty
Synthetic Data Notice
All demonstrations, screenshots, and media on this page use synthetic data only. No real patient information is shown.
The following are synthetic and do not correspond to real patients:
- All human faces and individuals are synthetic and do not represent real people
- All clinical and medical images, including photographs and scans, are synthetic or simulated
- All patient names, dates, identifiers, and other details are fictional
- All clinical notes and documentation are sample content for demonstration only
Media is provided solely to illustrate platform functionality and workflows.