SECURITY
Built like the audit is tomorrow.
HIPAA posture isn't a checkbox page here — it's the architecture. Every claim below is verifiable in the platform.
Platform safeguards
- HIPAA compliant — AWS Business Associate Agreement in place
- Encrypted at rest and in transit
- Postgres row-level security enforces tenant isolation
- Separation-of-duties enforcement on financial actions
- Tamper-evident audit trail on every record change
Minimum necessary, by default
Client-facing surfaces show authorized hours — never consumption. Caregiver and client identities render as first name + locality unless a role explicitly needs more.
42 CFR 441.301(c)(3)Minn. Stat. § 256B.85Minn. Stat. § 245D
A signed BAA comes standard.
Every tier, every tenant. AWS BAA in place upstream. Questions → compliance@systemax.app