HIPAA
Processes and access patterns are designed for workflows that may involve protected health information.
Security & Trust
Built for healthcare's compliance bar.
Launch with secure access, auditability, HIPAA-aware workflows, BAA-ready support, and DSCSA-aware supply operations before your first patient signs up.
Compliance Surface
The diligence answers buyers need up front.
The trust center gives procurement, clinical, and operations teams the first-pass security context they need before a demo.
SOC 2 Type II
Controls are organized around availability, security, confidentiality, and operational discipline.
HITRUST
Procurement conversations can map controls to healthcare-specific risk and governance expectations.
DSCSA
Wholesale and supply workflows are framed around traceability, partner visibility, and regulated distribution.
Security controls
- Encryption in transit and at rest
- Role-based access control
- Audit logging for sensitive workflows
- Auth0-backed identity flows
- Operational monitoring and incident review
- Vendor and subprocessor management
- Business Associate Agreements for eligible customers
Incident response
A practiced response program: detect, contain, notify, recover, and learn. We share specifics during security review.
- Breach notification aligned to HIPAA and customer BAA timelines
- 24/7 operational monitoring on production systems
- Documented incident response runbook with on-call rotation
- Recovery objectives tracked per critical workflow (RPO / RTO)
- Post-incident review and customer-facing summary on request