HIPAA Compliance

Our commitment to healthcare data security

Status: pre-certification. The platform is engineered against HIPAA Privacy and Security Rule safeguards, but is not yet formally HIPAA-certified and is not a certified medical device. Production deployment moves PHI onto HIPAA-eligible AWS services (e.g. AWS HealthLake) under a signed Business Associate Addendum.

We design to the Health Insurance Portability and Accountability Act (HIPAA) safeguards and maintain strong standards of patient data protection.

Technical Safeguards

  • End-to-end encryption for all data in transit and at rest
  • Multi-factor authentication for all user accounts
  • Regular security audits and penetration testing
  • Automated backup and disaster recovery systems

Administrative Safeguards

  • Comprehensive security policies and procedures
  • Regular staff training on HIPAA compliance
  • Business Associate Agreements with all vendors
  • Incident response and breach notification procedures