Built for Healthcare. Secured for HIPAA.

ParaHealth is designed from the ground up to meet the HIPAA Privacy and Security Rules. Patient data is protected with AES-256 encryption at rest, TLS 1.2+ in transit, role-based access control with MFA, and tamper-evident audit trails.

HIPAA Compliant
AES-256 Encrypted

Compliance at a Glance

Our security posture, summarized.

HIPAA Compliant (Active): Full compliance with HIPAA Privacy and Security Rules

BAA Available (Active): Executed with all customers handling PHI

Encryption at Rest (Active): AES-256 application-level encryption

Encryption in Transit (Active): TLS 1.2+ enforced on all endpoints

Access Controls (Active): Role-based access with MFA enforcement

Audit Logging (Active): Immutable logs with 6-year retention

SOC 2 Type II (In Progress): Type II audit and attestation report in progress

HITRUST CSF (Planned): Alignment planned

How We Protect Your Data

Security controls designed for healthcare from day one.

Encryption

PHI is encrypted at the application layer before it is written to the database, so the database itself never holds PHI in clear text. All traffic is transmitted over TLS 1.2 or later. Encryption keys are managed with strict access controls and rotated on a schedule.

AES-256 at rest · TLS 1.2+ in transit · Automated key rotation
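As an added illustration of the application-layer scheme described above (example code written for this page, not ParaHealth's implementation): each field value is sealed with AES-256-GCM under a versioned key, the key version is stored in front of the ciphertext so a rotation can introduce a new key without breaking rows sealed under the old one, and the row and column names are bound as associated data so a ciphertext cannot be copied into another patient's row. The in-memory keyring, the patient-1001 context string and the note text are constructed for the example; in production the keys would be fetched from a KMS or HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Keyring holds versioned AES-256 data-encryption keys. Real deployments fetch
// them from a KMS/HSM; generating them in memory is an assumption for the example.
type Keyring struct {
	keys    map[uint32][]byte
	current uint32
}

func NewKeyring() *Keyring {
	kr := &Keyring{keys: map[uint32][]byte{}}
	kr.Rotate()
	return kr
}

// Rotate adds a fresh key and makes it current; old versions stay readable until re-encrypted.
func (kr *Keyring) Rotate() uint32 {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	kr.current++
	kr.keys[kr.current] = k
	return kr.current
}

func (kr *Keyring) aead(version uint32) (cipher.AEAD, error) {
	k, ok := kr.keys[version]
	if !ok {
		return nil, fmt.Errorf("unknown key version %d", version)
	}
	block, _ := aes.NewCipher(k) // cannot fail: keys are always 32 bytes
	return cipher.NewGCM(block)
}

// Seal encrypts one field value. Stored layout: version(4) || nonce(12) ||
// ciphertext || GCM tag. The AAD binds the blob to its row and column, so a
// ciphertext copied into another patient's row fails authentication.
func (kr *Keyring) Seal(plaintext, aad []byte) ([]byte, error) {
	g, err := kr.aead(kr.current)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := make([]byte, 4, 4+len(nonce)+len(plaintext)+g.Overhead())
	binary.BigEndian.PutUint32(out, kr.current)
	out = append(out, nonce...)
	return g.Seal(out, nonce, plaintext, aad), nil
}

// Open decrypts a blob from Seal, selecting the key by the stored version.
func (kr *Keyring) Open(blob, aad []byte) ([]byte, error) {
	if len(blob) < 4 {
		return nil, fmt.Errorf("blob too short")
	}
	g, err := kr.aead(KeyVersion(blob))
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(blob) < 4+ns+g.Overhead() {
		return nil, fmt.Errorf("blob too short")
	}
	return g.Open(nil, blob[4:4+ns], blob[4+ns:], aad)
}

// KeyVersion reports which key version a stored blob was sealed under.
func KeyVersion(blob []byte) uint32 { return binary.BigEndian.Uint32(blob[:4]) }

// ReEncrypt re-seals a blob under the current key; run it over stored rows after Rotate.
func (kr *Keyring) ReEncrypt(blob, aad []byte) ([]byte, error) {
	pt, err := kr.Open(blob, aad)
	if err != nil {
		return nil, err
	}
	return kr.Seal(pt, aad)
}

func main() {
	kr := NewKeyring()
	aad := []byte("patient-1001/clinical_note") // constructed row/column context
	blob, _ := kr.Seal([]byte("Pt reports chest pain; troponin ordered."), aad)
	kr.Rotate()
	blob2, _ := kr.ReEncrypt(blob, aad)
	pt, _ := kr.Open(blob2, aad)
	fmt.Printf("sealed under v%d, re-encrypted under v%d: %q\n", KeyVersion(blob), KeyVersion(blob2), pt)
}
```

Two checks worth keeping in mind when reviewing a scheme like this: a blob decrypted with the wrong AAD must fail (otherwise ciphertexts can be swapped between patients), and after a rotation every row must be re-encrypted before the old key version is deleted from the keyring, or those rows become unreadable.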

Access Controls

Role-based access control ensures users see only the data relevant to their role. Authentication uses JWTs with MFA, session timeouts, and brute-force protection.

MFA enforcement · Role-based permissions · Session management
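As an added example of the session-token and role checks described above (written for this page; it is not ParaHealth's authentication code): an HS256 JWT is issued with a short exp that acts as the session timeout, verification pins the algorithm, compares the MAC in constant time before any claim is trusted, and rejects an expired token even when its signature is valid; a verified token is then checked against a role-to-permission map. The signing key, the user and role names and the permission names are constructed for the example, and brute-force lockout is not shown.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims carried in the session token. exp gives the session timeout.
type Claims struct {
	Sub  string `json:"sub"`
	Role string `json:"role"`
	Iat  int64  `json:"iat"`
	Exp  int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding

func sign(key []byte, signingInput string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(signingInput))
	return b64.EncodeToString(m.Sum(nil))
}

// Issue mints an HS256 token that expires after ttl. The signing key is an
// assumption here (held by the auth service and rotated like any other secret).
func Issue(key []byte, sub, role string, now time.Time, ttl time.Duration) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	pl, _ := json.Marshal(Claims{Sub: sub, Role: role, Iat: now.Unix(), Exp: now.Add(ttl).Unix()})
	si := b64.EncodeToString(hdr) + "." + b64.EncodeToString(pl)
	return si + "." + sign(key, si)
}

// Verify pins the algorithm to HS256 (so "alg":"none" and key-confusion tokens
// are rejected), compares the MAC in constant time before parsing claims, and
// enforces exp: an expired session is rejected even though its MAC is valid.
func Verify(key []byte, token string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hb, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, errors.New("bad header encoding")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, errors.New("unsupported or missing alg")
	}
	if !hmac.Equal([]byte(sign(key, parts[0]+"."+parts[1])), []byte(parts[2])) {
		return nil, errors.New("bad signature")
	}
	pb, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, errors.New("bad claims encoding")
	}
	var c Claims
	if json.Unmarshal(pb, &c) != nil || c.Sub == "" {
		return nil, errors.New("bad claims")
	}
	if c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) {
		return nil, errors.New("session expired")
	}
	return &c, nil
}

// rolePerms maps a role to the permissions its job needs and nothing more.
// The role and permission names are constructed for the example.
var rolePerms = map[string]map[string]bool{
	"clinician": {"read:clinical_note": true, "write:clinical_note": true, "read:prior_auth": true},
	"billing":   {"read:prior_auth": true, "write:prior_auth": true},
}

// Authorize answers whether the verified session may perform perm.
func Authorize(c *Claims, perm string) bool { return rolePerms[c.Role][perm] }

func main() {
	key := []byte("example-signing-key") // constructed; never hard-code a real key
	now := time.Now()
	tok := Issue(key, "user-42", "billing", now, 30*time.Minute)
	c, err := Verify(key, tok, now)
	fmt.Println("fresh:", err, "| read:prior_auth:", Authorize(c, "read:prior_auth"),
		"| write:clinical_note:", Authorize(c, "write:clinical_note"))
	_, err = Verify(key, tok, now.Add(31*time.Minute))
	fmt.Println("after timeout:", err)
}
```

The order inside Verify is deliberate: the header is parsed only to pin the algorithm, the MAC is checked next, and the claims are decoded and trusted only after the MAC passes. Checking exp before the signature would let an attacker probe the claims parser with unsigned input.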

Audit Trail

Every data access and modification is logged as an immutable, tamper-evident record. Audit logs are retained for 6 years per HIPAA requirements.

Immutable records · Tamper-evident · 6-year retention

PHI Protection

No PHI appears in application logs. Personal identifiers in audit records are replaced with hashes. Clinical notes are encrypted at rest with dedicated keys.

Zero PHI in logs · PII hashing · Dedicated encryption keys
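As an added example covering both the Audit Trail and PHI Protection sections above (written for this page; it is not ParaHealth's logging code): each audit event is chained to the previous one with an HMAC-SHA256 digest so that altering, inserting or deleting a record breaks the chain, and the patient identifier is replaced with a keyed pseudonym before it is written. The pseudonym uses HMAC rather than a plain hash because medical record numbers come from a small space that an unkeyed SHA-256 could be brute-forced over. The two keys, the actors, resources and MRNs are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// AuditEvent is one link in the chain. PatientRef carries a keyed pseudonym,
// never the raw identifier, so the log itself stores no PHI.
type AuditEvent struct {
	Seq        uint64 `json:"seq"`
	Actor      string `json:"actor"`
	Action     string `json:"action"`
	Resource   string `json:"resource"`
	PatientRef string `json:"patient_ref"`
	Prev       string `json:"prev"`   // Digest of the preceding event; "" for the first
	Digest     string `json:"digest"` // HMAC-SHA256 over every other field
}

// AuditLog holds two secrets (assumed to live in the logging service, not the
// application): chainKey authenticates events, pseudoKey derives pseudonyms.
type AuditLog struct {
	chainKey, pseudoKey []byte
	events              []AuditEvent
}

func mac(key, msg []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return hex.EncodeToString(m.Sum(nil))
}

// Pseudonym replaces a patient identifier with HMAC(pseudoKey, id). An unkeyed
// hash would be reversible by brute force over the small space of MRNs.
func (l *AuditLog) Pseudonym(patientID string) string { return mac(l.pseudoKey, []byte(patientID)) }

// digest MACs the canonical encoding (fixed struct field order, Digest cleared).
func (l *AuditLog) digest(e AuditEvent) string {
	e.Digest = ""
	b, _ := json.Marshal(e)
	return mac(l.chainKey, b)
}

// Append records an event linked to the previous one and returns it.
func (l *AuditLog) Append(actor, action, resource, patientID string) AuditEvent {
	e := AuditEvent{Seq: uint64(len(l.events)) + 1, Actor: actor, Action: action,
		Resource: resource, PatientRef: l.Pseudonym(patientID), Prev: l.Head()}
	e.Digest = l.digest(e)
	l.events = append(l.events, e)
	return e
}

// Head is the latest digest; anchor it outside the writer's reach to catch tail truncation.
func (l *AuditLog) Head() string {
	if n := len(l.events); n > 0 {
		return l.events[n-1].Digest
	}
	return ""
}

// Events returns a copy of the chain, as it would be read back from storage.
func (l *AuditLog) Events() []AuditEvent { return append([]AuditEvent(nil), l.events...) }

// Verify walks a stored chain and reports the first altered, inserted, or deleted
// event; with a non-empty expectedHead it also rejects a truncated tail.
func (l *AuditLog) Verify(events []AuditEvent, expectedHead string) error {
	prev := ""
	for i, e := range events {
		if e.Seq != uint64(i)+1 {
			return fmt.Errorf("event %d: sequence break (seq %d)", i, e.Seq)
		}
		if e.Prev != prev {
			return fmt.Errorf("event %d: prev link does not match", i)
		}
		if !hmac.Equal([]byte(e.Digest), []byte(l.digest(e))) {
			return fmt.Errorf("event %d: digest mismatch, record altered", i)
		}
		prev = e.Digest
	}
	if expectedHead != "" && prev != expectedHead {
		return fmt.Errorf("chain ends at %.8s, expected %.8s: tail truncated", prev, expectedHead)
	}
	return nil
}

func main() {
	// Constructed sample keys and events; real keys come from the KMS.
	l := &AuditLog{chainKey: []byte("chain-key-example"), pseudoKey: []byte("pseudonym-key-example")}
	l.Append("dr.smith", "read", "clinical_note/77", "MRN-000123")
	l.Append("dr.smith", "update", "clinical_note/77", "MRN-000123")
	l.Append("billing.svc", "read", "prior_auth/9", "MRN-000999")
	stored := l.Events()
	fmt.Println("intact:", l.Verify(stored, l.Head()))
	stored[1].Actor = "nurse.jones" // someone rewrites who made the change
	fmt.Println("altered:", l.Verify(stored, l.Head()))
}
```

A chain like this makes tampering evident but does not by itself make the log immutable: anyone holding chainKey can rewrite and re-chain the records. Immutability comes from the storage (append-only or WORM), from keeping chainKey out of the application's reach, and from anchoring Head somewhere the log writer cannot change, which is what lets Verify detect a truncated tail.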

Infrastructure

Enterprise-grade infrastructure built for healthcare data.

Cloud Infrastructure

Hosted on cloud infrastructure with a BAA in place with our provider

Database Security

Encryption at rest enabled by default with managed key services

Backup & Recovery

Automated daily backups with point-in-time recovery capabilities

Disaster Recovery

Documented DR procedures tested regularly with defined RPO/RTO

Network Security

VPC isolation, WAF protection, and DDoS mitigation on all endpoints

Monitoring

Real-time threat detection, anomaly alerting, and incident response

Business Associate Agreements

We execute Business Associate Agreements with all customers handling PHI. Contact us to get started with your BAA.

Request BAA

Ready to see ParaHealth in action?

Schedule a demo to learn how we automate prior authorization while keeping your data secure.

Questions about our security posture?

Email security@parahealth.ai