🔒 Built for Healthcare Privacy
BackTrack is designed from the ground up with healthcare data protection in mind. Your patients' trust depends on robust security - we take that seriously.
Core Security Features
🔐 AES-256-GCM Encryption
All BackTrack databases are encrypted using AES-256-GCM, the same military-grade encryption used by governments and financial institutions worldwide.
- Encrypts all patient/client data at rest
- Impossible to read without the correct password
- Includes authentication to prevent tampering
- FIPS 140-2 compliant algorithm
🔑 Argon2id Key Derivation
Database passwords are protected using Argon2id, winner of the Password Hashing Competition and recommended by security experts.
- Resistant to GPU and ASIC cracking attacks
- Memory-hard algorithm prevents brute force
- Adjustable work factors for future-proofing
- No password stored in plaintext - ever
📱 Multi-Factor Authentication (MFA)
Built-in support for TOTP-based MFA using free authenticator apps like Google Authenticator, Microsoft Authenticator, or Authy.
- Optional per-user MFA
- Time-based one-time passwords (TOTP)
- No SMS vulnerabilities
- Works completely offline
👥 Role-Based Access Control
Granular permissions ensure staff only access what they need.
- Admin, Provider, Staff, Read-Only roles
- Per-user access controls
- Separate authentication per user
- Activity logging for accountability
💾 Encrypted Backups
All backups created by BackTrack are fully encrypted.
- Same AES-256 encryption as main database
- Manual and scheduled backups
- Store on external drives or network locations
- Restore capability with password verification
📝 Audit Logging
Comprehensive activity logs track all user actions.
- Login/logout tracking
- Record creation and modification
- User identification and timestamps
- Supports compliance requirements
🖥️ Local Storage = Better Security
Unlike cloud-based systems, BackTrack stores all data locally on YOUR computers. This provides significant security advantages:
- No cloud exposure: Your data never travels over the internet (unless you enable optional sync)
- No third-party access: We cannot access your data - even if we wanted to
- No data breaches: No centralized database means no single point of failure for hackers
- Complete control: You control the physical security of your data
- Works offline: No internet = no attack surface
- Compliance friendly: Easier HIPAA/PIPEDA compliance with local storage
✅ HIPAA Technical Safeguards
BackTrack provides all required HIPAA technical safeguards:
- Access Controls: Unique user IDs, emergency access, automatic log-off, encryption
- Audit Controls: Record and examine activity logs
- Integrity Controls: Protect ePHI from improper alteration or destruction
- Transmission Security: Data stays local (or encrypted in transit if sync enabled)
Note: HIPAA compliance also requires organizational policies, staff training, and proper procedures. Since BackTrack operates locally and we don't access your data, no Business Associate Agreement (BAA) is required for standard use.
🎯 Security Best Practices for Users
While BackTrack provides robust security features, you play a critical role in protecting your data:
Operating System Security
- Enable full-disk encryption (BitLocker for Windows, FileVault for macOS, LUKS for Linux)
- Keep your OS and software updated with security patches
- Use strong passwords or biometric authentication for computer login
- Enable automatic screen lock after inactivity
Password Management
- Use a strong, unique password for BackTrack (12+ characters, mixed case, numbers, symbols)
- Store your Support Code in a secure location (password manager, safe, etc.)
- Never share passwords between users
- Consider using a password manager (1Password, Bitwarden, etc.)
- Enable MFA for all users, especially administrators
Backup Strategy
- Follow the 3-2-1 backup rule: 3 copies, 2 different media, 1 offsite
- Automate backups (daily or weekly depending on volume)
- Test restoring from backups periodically
- Store offsite backups in a secure location (safe, safe deposit box)
- Never store backups on the same computer as your live database
Physical Security
- Secure computers with locks, alarms, or surveillance
- Control physical access to server rooms or workstations
- Never leave computers unattended while logged in
- Dispose of old hard drives securely (wipe or physically destroy)
- Be cautious with portable devices (laptops, USB drives)
Staff Training
- Train all staff on security policies and procedures
- Educate about phishing, social engineering, and malware
- Implement a culture of security awareness
- Review and update policies annually
- Immediately revoke access when staff leave
🔓 Recovery Options
BackTrack provides multiple ways to recover access if you forget your password:
- Support Code: A recovery code you set during initial database creation
- TOTP/Authenticator App: If MFA is enabled, you can use your authenticator app for recovery
- Backup Restore: Restore from an older backup with a password you remember
⚠️ Important: If you lose ALL recovery options (password, support code, TOTP device, and backups), your data cannot be recovered. This is by design - strong encryption means even we cannot decrypt your data. This protects you from unauthorized access but requires you to safely store your recovery information.
🚀 Planned Security Enhancements
We're continuously improving BackTrack's security. Upcoming features include:
- End-to-end encrypted sync: Synchronize data between computers with zero-knowledge encryption
- Hardware security key support: YubiKey and other FIDO2 devices for MFA
- Automatic security updates: Background update checks and installation
- Advanced audit reports: Exportable compliance reports
- Session timeout controls: Configurable automatic logout
- IP whitelisting: For network-connected features (future patient portal)