SECURITY & DATA HANDLING

How we handle patient information

Plain-language summary of what Beacon does (and does not do) to protect patient health information. Updated 2026-04-28.

Encryption

In transit: every page on this site is served over TLS 1.3 with a Let's Encrypt certificate. Forms submit over the same encrypted channel.

At rest: patient submissions are encrypted on disk using AES-256-GCM with a per-record initialization vector. The decryption key is held in a 0400-mode file accessible only to the Beacon service account; no other process can read patient records.

Audit logging

Every read, write, edit, and export of a patient record is appended to a tamper-evident audit log. The log uses a SHA-256 hash chain — each entry references the hash of the previous entry, so any after-the-fact modification breaks the chain visibly. Admin staff can inspect the log and verify chain integrity from the admin console.

Who can see your data

Patient submissions are reviewed by the Principal Investigator (Tamara C Tamas, MS) and, when applicable, the matched study site's clinical team. Each record carries a versioned consent text and a typed-name electronic signature with timestamp + IP + user-agent recorded. You can revoke access at any time by emailing patients@beaconcr.com from the email address you used to register.

Patient consent management

When you submit a registration we store the exact consent text shown to you, the form version, and your typed-name signature with a precise timestamp. This is the same record we file with FDA Form 3926 and provide to the IRB if requested.

What we are honest about

HIPAA compliance is a process, not a feature. Beacon Clinical Registry currently runs as a self-hosted Next.js application with the technical safeguards described above, but a fully HIPAA-certified deployment requires:

  • A Business Associate Agreement (BAA) with the hosting provider
  • Annual third-party risk assessment and penetration testing
  • Documented breach notification procedures
  • Multi-user role-based access control with formal access reviews

We are progressively adding these. If your study or institution requires a signed BAA before you can route patient identifiers to Beacon, please contact us — we'll work with you on a hosting arrangement that satisfies your institutional requirements.

Your rights

  • Request a copy of all data we hold about you
  • Request correction or deletion of your data
  • Withdraw consent at any time (does not affect data already shared with FDA / IRB if filed)
  • Receive a copy of any submission filed on your behalf

Email patients@beaconcr.com from your registered email address to exercise any of these.