Is Fizy Health safe?

Safe for patients means safe defaults for clinic operators

Fizy Health is built for healthcare-grade safety: HIPAA-aligned platform controls, BAA executed before production PHI is stored, Postgres row-level security keyed on organization and clinic, audit records on patient-linked cart and order actions, TLS in transit, and fulfillment through LegitScript-certified 503A partners. Safety also means engineering discipline — patient names, prescription contents, and demographics do not appear in routine application logs.

Clinic owners searching "is Fizy Health safe" need a clear map of data boundaries, partner verification, and what the platform does before checkout — not generic SaaS promises.

  • HIPAA-aligned platform
  • Tenant isolation
  • Per-line audit trail
  • TLS everywhere
  • LegitScript partners
  • PHI-safe logging

Safety model

What safety means on a pharmacy ops platform

Safety on Fizy Health spans three layers: protecting patient data in software, routing fulfillment to verified compounders, and catching order errors before payment. Clinics evaluating safety should read all three — the Security page covers the first; partner assignment and cart validation cover the rest.

  • Data

    Isolation, encryption, and least-privilege access

    Patient, cart, and order data live in Postgres with row-level security scoped by organization and clinic. Staff see only patients and orders for sites they are assigned to. Traffic uses TLS; designated high-sensitivity fields use application-level encryption. Role gates apply on prescriber workflows.

  • Accountability

    Audit trail when staff touch patient-linked orders

    Cart reads and mutations that include patient identifiers write audit records with actor, organization, patient, and action. That supports HIPAA access review and internal ops accountability. Details use identifiers and counts — not prescription contents in logs.

  • Fulfillment

    Verified 503A partners — not anonymous drop-shippers

    Orders route to LegitScript-certified compounding pharmacies in the network. Partner verification reduces compounding compliance risk alongside platform controls. Formulation quality and certificates of analysis remain partner responsibilities clinics can diligence directly.

  • Pre-payment checks

    Validation before money leaves the clinic

    Cart validation catches invalid SIGs, prescriber state mismatches, and stock gaps before checkout. Fewer paid rejections means fewer patient delays and fewer recovery conversations — a practical safety outcome for high-volume refill days.
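
The audit-record pattern described under Accountability, shown as an added example that is not Fizy Health's code: a row carries actor, organization, patient, and action, and its details accept identifiers and counts only. The field names, the detail-key allow-list, and the identifier format are assumptions made for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Assumed allow-list: detail keys that hold identifiers or counts only.
ALLOWED_DETAIL_KEYS = {"cart_id", "order_id", "line_count", "item_count"}
# Opaque identifiers: no spaces or punctuation, so free text cannot pass.
OPAQUE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")


def _check_id(name, value):
    if not isinstance(value, str) or not OPAQUE_ID.fullmatch(value):
        raise ValueError(f"{name} must be an opaque identifier")
    return value


def build_audit_record(actor_id, organization_id, patient_id, action, details=None):
    """Return an audit row holding actor, organization, patient and action."""
    record = {
        "at": datetime.now(timezone.utc).isoformat(),
        "actor_id": _check_id("actor_id", actor_id),
        "organization_id": _check_id("organization_id", organization_id),
        "patient_id": _check_id("patient_id", patient_id),
        "action": _check_id("action", action),
        "details": {},
    }
    for key, value in (details or {}).items():
        if key not in ALLOWED_DETAIL_KEYS:
            # Unknown keys (sig, patient_name, dob, ...) are refused, not dropped,
            # so the calling code path gets fixed instead of leaking later.
            raise ValueError(f"detail key not allowed: {key}")
        if key.endswith("_count"):
            if isinstance(value, bool) or not isinstance(value, int) or value < 0:
                raise ValueError(f"{key} must be a non-negative integer")
        else:
            _check_id(key, value)
        record["details"][key] = value
    return record


def to_log_line(record):
    """Serialize the row for a log; it holds identifiers and counts only."""
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    row = build_audit_record("staff_17", "org_3", "pat_9f2c", "cart_update",
                             {"cart_id": "cart_51", "line_count": 3})
    print(to_log_line(row))
```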

Safety controls documented on the Security page and in onboarding

  • BAA before production PHI
  • Row-level tenant isolation
  • Audit on PHI-linked actions
  • Webhook signature verification
  • Rate limits on auth surfaces
  • SOC 2 frameworks implemented

Is Fizy Health the right safety posture for your clinic?

Built for you if

You store patient-linked order data and need healthcare-grade controls.

  • You need a signed BAA and tenant isolation before moving production refill volume to a new vendor.
  • Compliance or ops leads ask who accessed a patient order and when — audit trails matter.
  • You order across multiple 503A partners and want verified compounders behind one checkout.

May not be ideal if

Your safety requirements fall outside B2B clinic ordering.

  • You are evaluating retail pharmacy POS or patient-direct consumer ordering — Fizy Health is clinic software only.
  • You need independent SOC 2 Type II certification today — we implement frameworks and share docs under NDA.
  • You require capabilities not yet shipped — confirm on a demo before switching production volume.

FAQ

Safety questions clinics ask about Fizy Health.

  • Data

    How is patient data isolated on Fizy Health?

    Fizy Health scopes patient, cart, and order data per organization and clinic using Postgres row-level security plus role-based access. Staff only see patients and orders for clinics they are assigned to. Unrelated clinic accounts cannot read each other's data.

  • HIPAA

    When is a BAA signed?

    The Business Associate Agreement is part of onboarding before your organization stores live patient data in production. Multi-location groups can manage several clinics under one org while keeping staff access scoped to assigned sites.

  • Audit

    Are patient-linked actions audited?

    Yes. Cart and order flows that include patient identifiers write audit records with actor, organization, patient, and action. That supports HIPAA access review without logging prescription contents in application logs.

  • Logging

    Does Fizy Health log PHI in application logs?

    Engineering standards prohibit patient names, DOB, addresses, and prescription contents in routine application logs. Investigations use identifiers and audit rows — see the Security page for logging discipline detail.

  • Partners

    Are pharmacy partners verified for safety?

    Fulfillment routes to LegitScript-certified 503A compounding pharmacies in the network. Clinics should still confirm formulary, state coverage, and partner-specific quality documentation during onboarding.

Order on a platform built for clinic safety.

Start free, review the Security page, and sign your BAA during onboarding before production patient data is stored on Fizy Health.