Clinical portal onboarding

Full patient and prescriber self-registration requires a HIPAA Business Associate Agreement, encrypted PHI storage (for example Supabase with correct region and RLS), identity proofing, and legal review. This site ships a hardened MFA-backed login prototype so engineering can wire those services without storing real PHI today.

• Select role on login and authenticate with MFA (TOTP or fixed demo code).
• Session timeouts and audit hooks are scaffolded server-side.
• Replace demo credentials with Supabase Auth or Clerk + Supabase profiles when your BAA is executed.