Healthcare — mental health · 2026 · Client build

Clinical records for a psychology practice

POPIA-grade digital intake with signature capture, structured session notes, and encrypted health records.

AES-256-GCM at restHealth-record encryption
Passkeys, no passwordsSign-in
Digital, signature-capturedIntake
Structured MSE formatSession notes

The problem

A clinical psychology practice handled intake on paper and stored the most sensitive category of personal information — mental-health records — in files and inboxes. POPIA treats health data as special personal information; the bar for storing it is high and the consequences of getting it wrong are severe.

The approach

Intake became a signed digital flow: consent, history, and signature captured before the first session. Session records use structured mental-status-examination (MSE) notes. All patient health information is encrypted at rest with AES-256-GCM, and clinicians sign in with passkeys — no passwords to phish. The interface uses a calm, deliberately quiet design system ('Sanctuary') built for the context of a therapy practice.

The outcome

Patient records are encrypted, access is passkey-gated, and intake is complete and signed before the first appointment. The practice's POPIA posture went from filing cabinet to provable.

WebAuthn passkeysAES-256-GCMServer-driven UI

Something similar?

Tell us what you're building.

A real reply from the engineer who built this, usually within one business day. Urgent? WhatsApp 083 661 6366.

What do you need?