Data Isolation In Healthie

Healthie offers a spectrum of customer data isolation options to help meet our customer's security and compliance requirements. Within that spectrum, there are three most common options.

1) Application-level separation (DEFAULT)

Prerequisites: None. This is the default.

Healthie's infrastructure utilizes multi-tenant databases and customer data is separated at the application level.  Strict privacy controls are present in our application that are designed to ensure data privacy and to prevent one customer from accessing another customer’s data (i.e., logical separation). These controls are verified by automated and manual testing, as well as via regularly conducted 3rd party penetration tests.

Since users on this isolation strategy are logging in from the same domain name/mobile application (The default and Healthie mobile apps), it is possible for a patient or clinician to be working with multiple organizations. When this happens, users see the ability to switch between their different Healthie accounts. We have more info here -

2) Authentication Namespace Separation

Prerequisites: A full or semi whitelabel. Non-whitelabeled domains or apps can no longer be used. Some API arguments need to be adjusted.

With authentication namespace separation, an organization's authentication layer is placed into its own namespace based on the whitelabel domain and mobile app the customer has set up. Underlying data is still stored in a multi-tenant database, but log-in information is scoped just to the customer. This means that users will have separate log-in information for each organization, and will not see the "Switch Account" screen mentioned at

Note: If you’re on your own Namespace and on full whitelabel, you need your own Google OAuth in order to make use of our calendar sync. Additionally, you cannot Namespace a staging environment.

3) Full Database Separation

Prerequisites: A full or semi whitelabel AND a minimum overall contract size. Non-whitelabeled domains or apps can no longer be used. A new header needs to be added to all API arguments.

For customers with very stringent data isolation requirements, Healthie can set up the customer in a new, single-tenant Postgres instance. All application-level separation protections still remain as well, so customers can have multiple separate organizations within the single-tenant database (additional seat costs can apply for the additional organizations).

If you have questions, or requirements not covered in the above options, please reach out to us at

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.