# HIPAA (frontend)


## ⚡100%. *<mark style="color:purple;">**Private**</mark>*. Network.

{% content-ref url="/pages/R8Tnf6QtiYmKdht7P7fQ" %}
[Private Network](/lisaiceland/privacy+/private-network.md)
{% endcontent-ref %}

{% content-ref url="/pages/H5L4SlZuxVJvnS8az15Y" %}
[Security+](/lisaiceland/platform+/security+.md)
{% endcontent-ref %}

{% content-ref url="/pages/8legEWsPMN02YRpNVJ8b" %}
[Privacy+](/lisaiceland/privacy+.md)
{% endcontent-ref %}

## ⚡*<mark style="color:red;">**100%**</mark>*. Compliant. *<mark style="color:purple;">**Frontend**</mark>*.


### **HIPAA** Compliance

* Industry-standard certifications for our frontend infrastructure include HIPAA, AICPA SOC 2 Type 2, ISO 27001, ISO 27018, and PCI DSS v4.0.
* Our security & privacy-first approach ensures that ALL our web applications not only meet regulatory requirements but also maintain the highest standards of data protection.

### **Advanced** Security Measures <a href="#advanced-security-measures-for-peace-of-mind" id="advanced-security-measures-for-peace-of-mind"></a>

* Our HIPAA service offering on the frontend integrates & builds on the robust security measures already embedded in our backend platform.
* It's ***100% End-to-End***.
* It has undergone additional, rigorous audits to ensure full compliance with healthcare data regulations.

### **Key Security** Features

* *<mark style="color:purple;">**End-to-End**</mark>* *<mark style="color:purple;">Encryption</mark>*
  * Ensuring all data is encrypted both in transit and at rest.
* <mark style="color:purple;">**Vulnerability**</mark> *<mark style="color:purple;">& Patch Management</mark>*
  * Regular internal and third-party penetration testing, alongside ongoing patch management, to identify, mitigate, and address potential security risks.
* *<mark style="color:purple;">**Access**</mark>* *<mark style="color:purple;">Control</mark>*
  * Strict control mechanisms to ensure that only authorized personnel can access sensitive data.
* *<mark style="color:purple;">**Your**</mark> <mark style="color:purple;">Business</mark>*
  * HIPAA promotes the use of electronic health records while safeguarding the security and privacy of PHI. For healthcare providers and businesses handling PHI, compliance with HIPAA is not just a regulatory obligation but a crucial component of maintaining trust with patients and clients.
  * We are considered a business associate (BA) for our healthcare customers, who must comply with HIPAA. With this announcement of HIPAA compliance, any/all customers handling PHI can now execute a Business Associates Agreement (BAA) with us.
* *<mark style="color:purple;">**Secure**</mark> <mark style="color:purple;">Architecture</mark>*
  * Security in the cloud is a shared responsibility—one we don’t take lightly. To make it easier, we’ve created secure reference architectures to assist customers who must meet regulatory or special data processing requirements in the healthcare space and beyond.
* *<mark style="color:purple;">**Tight**</mark> <mark style="color:purple;">Security</mark>*
  * Hardware-level
  * Software-level
  * Cloud-functions-level
  * Middleware-level
  * PII & PHI *<mark style="color:purple;">**"in-chat"**</mark>*
* *<mark style="color:purple;">**Privacy-First**</mark> <mark style="color:purple;">& AI-Safety Compliance</mark>*
  * *<mark style="color:purple;">**LLM Safety**</mark>*
  * *<mark style="color:purple;">**AI Gateway**</mark>*
  * *<mark style="color:purple;">**Datacenter**</mark>*
* *<mark style="color:purple;">**Beyond**</mark>* *<mark style="color:purple;">AI</mark>*
  * Security *<mark style="color:purple;">**Guardrails**</mark>*
  * *<mark style="color:purple;">**Bias**</mark>* Protections
* *<mark style="color:purple;">**Extra**</mark>* Compliance
  * PCI DSS, SOC2 Type II, GDPR
* *<mark style="color:purple;">**Secure**</mark> AI*
  * In-Depth monitoring
  * Retry logic built-in
* *<mark style="color:purple;">**Secure**</mark> <mark style="color:purple;">Credential Storage</mark>*
  * We securely store credentials like API keys and access tokens necessary to connect with third-party services. These are encrypted and accessible only to our systems that need them to operate the service.
* *<mark style="color:purple;">**Data**</mark> <mark style="color:purple;">Minimization</mark>*
  * We implement data minimization practices to only collect and process the data needed for the service.
* *<mark style="color:purple;">**Data**</mark> <mark style="color:purple;">Tunneling</mark>*
  * We tunnel data securely end-to-end by enforcing **HTTPS/TLS encryption** for all traffic, protecting data in transit with strong ciphers like AES-256, and isolating sensitive operations (like serverless functions) in temporary, secure environments, preventing data leakage.
  * Key features include automatic SSL, DDoS mitigation, and built-in secret management (Secrets Controller) to prevent exposing API keys, ensuring data remains encrypted from client to edge, i.e. our frontend to our backend infrastructure, through functions, and to our external backend services.
* *<mark style="color:purple;">**Limited**</mark>* *<mark style="color:purple;">& NO Access</mark>*
  * Only authorized systems, API & any other internal admins
  * Limited to 2 at a time and rotated every week
  * We always store & de-identify (aka data masking or deID) credentials.

{% embed url="<https://www.netlify.com/blog/netlify-launches-a-hipaa-compliant-service-offering/>" %}

{% embed url="<https://www.netlify.com/security/>" %}

## ⚡Compliant. <mark style="color:green;">GREEN</mark>. *<mark style="color:purple;">**Backend**</mark>*.

{% content-ref url="/pages/pD0nMCoibNNyguZMv5LF" %}
[Compliant LLM Gateway](/lisaiceland/platform+/subprocessors/compliant-llm-gateway.md)
{% endcontent-ref %}

## ⚡*<mark style="color:purple;">**BAA**</mark>*. Execute. *<mark style="color:purple;">Now</mark>*.

{% content-ref url="/pages/ZdiLlpsvZKtmZRfhWQ3v" %}
[BAA](/lisaiceland/privacy+/hipaa-or-soc2-or-pci/hipaa/baa.md)
{% endcontent-ref %}

* For ALL client entities
* BAA sample fill 100% online...
* Edit, Save & Print
* Email us & we'll e-sign it at:
  * <support@lisaiceland.com>
