Security · Compliance posture

Designed for
healthcare privacy
from the first commit.

HIPAA-aligned architecture, audit by default, least-privilege access, BAA-ready hosting, and a CDS posture that draws a clear line: decision support — not autonomous prescribing.

ArchitectureHIPAA-aligned
HostingBAA-ready
ComplianceSOC 2 Type II — in progress
CDS postureNon-autonomous, transparent
Operating principles§ I

Six principles that shape the architecture —
not six checkboxes.

Privacy controls aren't a layer added at procurement time. They sit at the foundation of how patient context is stored, transformed, and exposed to clinicians.

01

Encryption

Designed for AES-256 at rest and TLS 1.3 in transit across application, database, and storage layers. Per-tenant key separation on the enterprise plan.

02

Least-privilege access

Clinician, supervising clinician, pharmacist, panel manager, and administrator roles are scoped to the smallest set of records each role needs.

03

Audit by default

Every patient view, every accept, every dismiss, every override is logged with user, timestamp, IP, device, and a content hash. Append-only and exportable.

04

Consent-controlled flow

Cross-clinic and external lookups require explicit authorization. Patients can revoke share scope; the audit log proves when revocation took effect.

05

BAA-ready hosting

Architected on hosting and subprocessors that support Business Associate Agreements. Procurement-ready subprocessor list available on request.

06

No autonomous prescribing

The product is decision support, not a prescriber. There is no autonomous medication change, dosing decision, or diagnostic claim — by design.

Procurement packet§ II

What a CMO or compliance team will ask for.

A reviewable summary of the artifacts that show up first in any healthcare procurement conversation. Detailed evidence available under NDA.

BAAProcurementEnterprise customers receive a signed business associate agreement before ePHI use.
SOC 2 Type IIRoadmapSecurity program and evidence collection underway; readiness assessment scheduled.
Subprocessor listProcurementHosting, logging, analytics, and support vendors disclosed in the procurement packet.
Data retentionPlannedRetention and deletion windows are contract-specific and exportable on demand.
EncryptionArchitectureAES-256 at rest, TLS 1.3 in transit, per-tenant key separation on enterprise.
RBACArchitectureFive built-in roles with least-privilege defaults; custom role policies on enterprise.
Audit exportRoadmapAppend-only audit exports as CSV and FHIR AuditEvent for clinic compliance.
Breach processPlannedIncident-response and notification SLAs defined per contract for enterprise deployment.
FDA CDS postureDefinedTransparent CDS framing only — no diagnosis, prescribing, dosing, or autonomous ranking.
Clinical safety boundary§ III

The product boundary is the product.

The most important security control isn't an encryption choice. It's the line drawn between decision support and autonomous prescribing — and the audit trail proving the line held.

For clinician review only. This platform does not diagnose, prescribe, or replace professional medical judgment. Medication changes are made only by a licensed healthcare provider. Every insight carries transparent rationale and evidence references.

Operating posture · enforced in product, contract, and audit
100%Of patient-touching actions are written to an append-only audit log.
0Autonomous prescriptions, dosing decisions, or diagnostic claims.
5Built-in roles with least-privilege defaults — clinician, supervising, pharmacist, manager, admin.
Compliance roadmap§ IV

Enterprise controls in flight.

The controls compliance teams expect before ePHI deployment, with an honest read of where each one sits today.

Procurement

Want the full procurement packet?

Detailed architecture diagrams, subprocessor list, sample audit exports, and our SaMD-pathway documentation are available under NDA. We turn around requests within two business days.

Request packetOr open a sample chart