Security & Compliance
Is the Product HIPAA Compliant?
Yes. Our platform is fully designed to support HIPAA-compliant use through a combination of contractual safeguards, internal controls, and optional PHI protection features.
Here’s how we ensure HIPAA compliance:
Business Associate Agreements (BAA) with Providers
We have signed Business Associate Agreements (BAAs) with all key service providers involved in AI processing and infrastructure, including OpenAI and Google Cloud Platform (GCP). This ensures that any sensitive information shared with these services is protected under HIPAA standards.
Internal HIPAA Policies and Platform Controls
Our platform follows all applicable HIPAA guidelines, and our team operates under strict internal HIPAA policies. We implement industry-standard security measures to protect the confidentiality, integrity, and availability of protected health information (PHI).
Business Associate Agreement (BAA) with Your Organization
If your organization requires a BAA, you can request one within the platform via Settings → Request BAA on any paid plan. We provide the agreement promptly after the request. Signing this BAA is required to use the platform in a fully HIPAA-compliant manner.
Optional PHI Guard Policy Management
We offer PHI Guard as an optional feature that allows organizations to control how PHI is handled during AI processing. PHI Guard can be enabled or disabled at the organization or user level, depending on your policy preferences.
When enabled, PHI Guard anonymizes PHI before AI processing and securely restores it afterward. While this increases data confidentiality, it may impact AI response accuracy due to reduced context.
For a detailed explanation of PHI Guard configuration options, trade-offs, and policy management, see the PHI Guard documentation.
