A patient’s name, phone number, date of birth, and address sit on a screen for hours at a time in a busy outpatient department or ward, visible to anyone walking past a monitor, glancing over a shoulder, or taking a photo of a screen in passing. Clinical staff need that information to do their work. Everyone else who happens to be within sight of the screen does not. We built Hyella to treat that difference as something the system actively protects, not something left to chance.
Protecting personal information properly means asking two separate questions, not one. Should this role ever be allowed to see this data at all, and does this particular user want it visible right now. We built Hyella to check both, independently. A role that is not allowed to view patient identity details will not receive the actual values in the first place, and the data will not leave the server. On top of that hard rule, a user who is allowed to see it can still choose, at any moment, to hide it on their own screen with a single click, useful when a ward is busy, a visitor is nearby, or a screen is being shared during teaching rounds.
Many systems build a “privacy mode” as a simple blur effect placed over the data, which looks convincing, but the actual values are still sitting underneath, ready to be pulled out by anyone who opens their browser’s developer tools for ten seconds. We built Hyella’s toggle to remove the values from what is sent to the screen in the first place. Once PII is hidden, the placeholder text is the only thing that ever reaches the page. There is nothing underneath to find, because nothing is sent.
Clinical staff move between an outpatient queue, a ward view, and other screens that show patient details throughout a single shift. We built the PII toggle as one setting that follows the user across every one of these screens at once. Hide it once, and it stays hidden everywhere until shown again, instead of needing a separate switch on every single screen that staff have to remember to set each time.
Every facility organises its clinical and administrative roles a little differently. We let administrators decide exactly which roles are allowed to view patient identity details at all, a decision each facility makes for itself, rather than something we assume on their behalf. Roles outside that list never even see the toggle exists, so staff without permission are not shown a “show PII” option to wonder about.
Because the decision to mask data happens on the server, using the same role and session logic the rest of the platform already relies on, it gives a clear, consistent answer to the question every privacy review eventually asks. Who could see this patient’s identity information, under what conditions, and why. That answer never depends on reconstructing what a browser did after the fact. It is enforced the same way, every time, on every screen.
Hyella’s PII protection is built into the clinical workflow itself, not added on as a cosmetic touch. Ask us how it maps to your facility’s roles and privacy obligations.