HIPAA (United States)
For clients serving US patients, we build to the HIPAA Security and Privacy Rules: safeguards for protected health information (PHI), role-based access controls, audit logging, encryption of PHI in transit and at rest, and architectures that support Business Associate Agreement (BAA) obligations with hosting providers.