A HIPAA platform that's not itself HIPAA-compliant is the sort of irony we try to avoid. Here's exactly how we handle your data, your PHI, and your trust.
Signed with every customer. Default posture: PHI flows through hms.
Audited annually by Johanson Group. Report available on request.
Validated to the same standard hospitals hold themselves to.
All production data stays in AWS us-east-1 + us-west-2.
Plain English. No weasel words.
Every connection is encrypted with modern cipher suites. HTTP is never accepted — the browser is told before you even ask.
Your data is encrypted at rest with a key only your tenant can unwrap. Even our engineers can't read your policies without your request.
Policy chat runs in a zero-retention AWS Bedrock deployment. Your prompts are not logged, not fine-tuned on, not seen by humans.
Point-in-time restore to any second in the last 35 days. Backup keys are rotated quarterly and never leave AWS KMS.
Short list on purpose.
| Sub-processor | Purpose | Data | Location | BAA |
|---|---|---|---|---|
| Amazon Web Services | Hosting, storage, AI inference | All tenant data | US-East, US-West | |
| Stripe | Subscription billing | Billing only (no PHI) | US | N/A |
| Postmark | Transactional email | User email addresses | US | |
| Linear | Internal ticketing | Support correspondence (scrubbed) | US | N/A |
| Okta | Employee SSO | Our staff only | US | N/A |
We notify customers 30 days in advance of any sub-processor change. The full current list is always at hipaa.inc/subprocessors.
We run our own HIPAA program inside hms. Every control, every task, same product you use. When you audit us, you're auditing the tool.
We pay bounties up to $10,000 for critical vulnerabilities. No lawyers, no legal threats — just a thank-you, a fix, and a check.
PGP key and full policy at hipaa.inc/security. Typical triage response: under 8 hours.
Send us a signed NDA and we'll share it within one business day.