HIPAA Compliance
Our Commitment
ReasonCare AI is designed from the ground up to comply with the Health Insurance Portability and Accountability Act (HIPAA). We implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of all protected health information (PHI) processed by our platform.
Technical Safeguards
Encryption at Rest
All PHI is encrypted with Fernet symmetric encryption before it is stored in the database. Encryption keys are stored separately, in environment variables, never alongside the data.
Encryption in Transit
All data is transmitted over TLS; WebSocket connections are secured with the WSS protocol.
Access Controls
AWS Cognito JWT authentication. Role-based access for patients, providers, and service accounts.
Audit Logging
Every API request is logged with actor, action, resource, timestamp, IP address, and response status, per HIPAA §164.312.
Multi-Tenant Isolation
Complete data separation between clinic tenants is enforced at the middleware level; no cross-tenant data access is possible.
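The two safeguards above, a middleware tenant check and a per-request audit record with the six listed fields, can be sketched together. The following is an added illustrative example, not ReasonCare AI's own code: the claim name custom:tenant_id, the /tenants/<id>/... path layout, the sample claims and the in-memory audit sink are all assumptions made for the example.

```python
"""Illustrative tenant-isolation check plus HIPAA-style audit record.
Added example, not ReasonCare AI's code. The 'custom:tenant_id' claim,
the /tenants/<id>/... path layout and the audit sink are assumptions."""
import json
from datetime import datetime, timezone

# The six fields the page lists for every API request.
AUDIT_FIELDS = ("actor", "action", "resource", "timestamp", "ip_address", "status")

# Constructed sample claims, shaped like a validated Cognito JWT payload (assumed).
PROVIDER_CLAIMS = {"sub": "user-123", "custom:tenant_id": "clinic-a", "custom:role": "provider"}


def tenant_of_resource(path):
    """Return the tenant segment of a path like /tenants/<id>/patients/<pid>, else None."""
    parts = path.strip("/").split("/")
    if len(parts) >= 2 and parts[0] == "tenants":
        return parts[1]
    return None


def is_cross_tenant(claims, path):
    """True when the resource's tenant is missing or differs from the caller's tenant.
    A path with no tenant segment is treated as cross-tenant (deny by default)."""
    resource_tenant = tenant_of_resource(path)
    return resource_tenant is None or resource_tenant != claims.get("custom:tenant_id")


def build_audit_record(claims, method, path, ip_address, status, now=None):
    """Build the audit record: identifiers and metadata only, never PHI from a body."""
    ts = now or datetime.now(timezone.utc)
    record = {
        "actor": claims.get("sub", "anonymous"),
        "action": method,
        "resource": path,  # the resource identifier only, not its contents
        "timestamp": ts.isoformat(),
        "ip_address": ip_address,
        "status": status,
    }
    assert tuple(record) == AUDIT_FIELDS  # guard against the schema drifting
    return record


def handle_request(claims, method, path, ip_address, audit_sink):
    """Middleware-style handler: decide tenant access, then audit the outcome.
    The audit line is written on both the allowed and the denied path."""
    status = 403 if is_cross_tenant(claims, path) else 200
    audit_sink.append(json.dumps(build_audit_record(claims, method, path, ip_address, status)))
    return status


if __name__ == "__main__":
    sink = []
    handle_request(PROVIDER_CLAIMS, "GET", "/tenants/clinic-a/patients/42", "10.0.0.5", sink)
    handle_request(PROVIDER_CLAIMS, "GET", "/tenants/clinic-b/patients/42", "10.0.0.5", sink)
    print("\n".join(sink))
```

Two design points worth noting: the audit record carries the resource path and status but never a request or response body, so the log itself does not become a PHI store; and a path whose tenant cannot be determined is denied rather than allowed, so a new route that forgets the tenant prefix fails closed and shows up as a 403 in the audit trail.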
AI Security
Prompt injection defense, jailbreak prevention, and output scanning prevent the AI from leaking PHI or being manipulated.
Business Associate Agreement (BAA)
ReasonCare AI will execute a Business Associate Agreement with any covered entity or business associate that uses our platform to process PHI. BAA is included with Enterprise plans and available as an add-on for Starter and Professional plans.
Compliance Contact
For HIPAA-related inquiries, BAA requests, or to report a security concern, contact compliance@reasoncare.ai.