HIPAA Compliance
Our commitment to healthcare data security
Status: pre-certification. The platform is engineered against HIPAA Privacy and Security Rule safeguards, but is not yet formally HIPAA-certified and is not a certified medical device. Production deployment moves PHI onto HIPAA-eligible AWS services (e.g. AWS HealthLake) under a signed Business Associate Addendum.
We design to the Health Insurance Portability and Accountability Act (HIPAA) safeguards and maintain strong standards of patient data protection.
Technical Safeguards
- End-to-end encryption for all data in transit and at rest
- Multi-factor authentication for all user accounts
- Regular security audits and penetration testing
- Automated backup and disaster recovery systems
Administrative Safeguards
- Comprehensive security policies and procedures
- Regular staff training on HIPAA compliance
- Business Associate Agreements with all vendors
- Incident response and breach notification procedures