In a clinical AI deployment, every user action touches patient data, diagnostic outputs, or both. Role-based access control (RBAC) is not a compliance checkbox — it is the architecture that ensures each user can access exactly what they need and nothing more.
Fractify implements a six-tier RBAC model: Viewer, Doctor, Radiologist, Hospital, Supervisor, and Admin. Each role carries a precisely scoped permission set, enforced at every route. A Viewer can see reports but cannot predict or annotate. A Doctor can create studies and view results for their patients. A Radiologist can annotate and generate AI reports. A Hospital role manages users within a single institution. A Supervisor has cross-institution visibility. An Admin has full platform control including user provisioning and audit access.
Multi-Tenant Isolation: Why Hospital Data Must Not Cross
Multi-hospital deployments require data isolation that goes beyond RBAC. In Fractify, each hospital's patient records, studies, and reports are fully isolated at the database query level — not just at the UI level. Clinicians with Doctor or Radiologist roles see only records from their own institution. Supervisor and Admin roles have explicitly granted cross-institution visibility with full audit logging of every cross-institution access.
This architecture satisfies the most common healthcare IT audit requirement: demonstrate that Hospital A's records cannot be reached by Hospital B's clinical staff through any route or query, and that the only paths across that boundary (Supervisor and Admin) leave an audit record for every access.
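The difference between "isolated at the UI level" and "isolated at the database query level" is easiest to see in code. The following is an added illustration, not Fractify's own code: the role names follow the page's six tiers, but the permission sets, the schema, the SQL and the function names are assumptions made for the example. It shows the anti-pattern (an unscoped query that trusts the caller to hide foreign rows) next to the query-level version, where the `hospital_id` predicate is part of the SQL for tenant-bound roles and every cross-institution read by a Supervisor or Admin is written to an audit table.

```python
"""Route-level authorisation with tenant scoping inside the query itself.

Added illustration, not Fractify's code: role names follow the page's six
tiers; the permission matrix, schema, SQL and function names are assumptions.
"""
import sqlite3
from dataclasses import dataclass

# Assumed permission matrix derived from the page's role descriptions.
# Admin gets "*" (full platform control); the other sets are what the text implies.
PERMISSIONS = {
    "viewer":      {"view_report"},
    "doctor":      {"view_report", "view_result", "create_study"},
    "radiologist": {"view_report", "view_result", "annotate", "generate_report"},
    "hospital":    {"view_report", "manage_users"},
    "supervisor":  {"view_report", "view_result"},
    "admin":       {"*"},
}
# Roles confined to their own institution vs. roles with cross-institution visibility.
TENANT_BOUND = {"viewer", "doctor", "radiologist", "hospital"}
CROSS_TENANT = {"supervisor", "admin"}


class Forbidden(Exception):
    """Raised on any denied action; a route handler maps it to HTTP 403/404."""


@dataclass(frozen=True)
class User:
    id: int
    role: str
    hospital_id: int


def authorize(user: User, action: str) -> None:
    """Role check applied at the top of every route handler."""
    allowed = PERMISSIONS.get(user.role, set())
    if "*" not in allowed and action not in allowed:
        raise Forbidden(f"role {user.role!r} may not {action!r}")


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: one study at each of two hospitals."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE studies (id INTEGER PRIMARY KEY, hospital_id INTEGER, patient_ref TEXT);
        CREATE TABLE audit_log (user_id INTEGER, action TEXT, resource TEXT, cross_tenant INTEGER);
        INSERT INTO studies VALUES (1, 100, 'A-0001');
        INSERT INTO studies VALUES (2, 200, 'B-0001');
    """)
    return conn


def get_study_ui_only(conn, user: User, study_id: int):
    """ANTI-PATTERN: the query is unscoped and relies on the UI to hide foreign
    rows. Any route or API client that skips that step reads Hospital B's
    record with Hospital A credentials."""
    return conn.execute(
        "SELECT id, hospital_id, patient_ref FROM studies WHERE id = ?",
        (study_id,)).fetchone()


def get_study(conn, user: User, study_id: int) -> dict:
    """Query-level isolation: for tenant-bound roles the hospital_id predicate
    is part of the SQL, so there is no later check to forget. Cross-tenant
    roles query unscoped, and every read outside their own institution is
    recorded in the audit log."""
    authorize(user, "view_result")
    if user.role in TENANT_BOUND:
        row = conn.execute(
            "SELECT id, hospital_id, patient_ref FROM studies "
            "WHERE id = ? AND hospital_id = ?",
            (study_id, user.hospital_id)).fetchone()
    else:
        row = conn.execute(
            "SELECT id, hospital_id, patient_ref FROM studies WHERE id = ?",
            (study_id,)).fetchone()
    if row is None:
        # Same error for "no such study" and "not your tenant", so a foreign
        # caller cannot enumerate valid study ids.
        raise Forbidden("study not found or not accessible")
    cross = int(row[1] != user.hospital_id)
    conn.execute("INSERT INTO audit_log VALUES (?, ?, ?, ?)",
                 (user.id, "view", f"study:{row[0]}", cross))
    conn.commit()
    return {"id": row[0], "hospital_id": row[1], "patient_ref": row[2]}


def cross_tenant_reads(conn) -> list:
    """The view an auditor asks for: who read outside their own institution."""
    return conn.execute(
        "SELECT user_id, resource FROM audit_log WHERE cross_tenant = 1").fetchall()
```

The point of `get_study_ui_only` is that it returns Hospital B's row to a Hospital A doctor whenever a caller forgets to filter; `get_study` cannot, because the tenant predicate travels with the query. Returning one error for both "missing" and "foreign" studies also keeps the boundary from leaking object existence.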
TOTP 2FA, Session Management, and Audit Trail
RBAC alone is insufficient if credentials can be compromised. Fractify pairs the six-tier role system with TOTP two-factor authentication for all users, 8 one-time backup codes generated on setup, active session management (users can see all active sessions by device and IP and remotely revoke any session), and an immutable audit log recording every prediction, view, share, annotation, and second opinion request — with user ID, IP address, resource identifier, and timestamp. Full CSV export is available for compliance reporting. Databoost Sdn Bhd built this because enterprise healthcare requires enterprise security standards, not startup-grade access control.
Frequently Asked Questions
What are the six RBAC tiers in Fractify?
Fractify uses six roles: Viewer (read-only), Doctor (study creation and own-patient access), Radiologist (annotation and AI report generation), Hospital (institution-level user management), Supervisor (cross-institution visibility), and Admin (full platform control including user provisioning).
How does multi-tenant isolation work?
Each hospital's data is isolated at the database query level. Clinicians with Doctor or Radiologist roles can only access records from their own institution. Cross-institution access requires Supervisor or Admin role and is fully audit-logged.
What security standards does Fractify meet?
Fractify includes TOTP 2FA with backup codes, six-tier RBAC, immutable audit logging, GDPR right-to-be-forgotten, active session management with remote revocation, CSRF protection, API rate limiting, and secure file storage outside the web root.
Contact Fractify at info@fractify.net to discuss enterprise deployment requirements for your institution.