Patient fields are encrypted before they reach the database
AES-256-GCM with a random 96-bit IV per value, a 128-bit auth tag, HKDF-SHA256-derived subkeys and a key version in the envelope so keys rotate without a migration. Exact-match search runs against an HMAC-SHA256 blind index, not a plaintext column.
MedOS lib/security/encryption.ts · LabOS lib/security/encryption.ts