Justin.HealthcareAI
Security overview

Trust, audited. No surprises.

Procurement and InfoSec get the answers they need on day one. No chasing, no 'trust us.'

SOC 2 Type II

Annual third-party audit. Report on request.

HIPAA-compliant

BAA signed before kickoff with every customer.

HITRUST-aligned

CSF v11 control mapping available.

GDPR-ready

EU data residency option for international clients.

Encryption

AES-256 at rest · TLS 1.3 in transit · customer-managed KMS keys at enterprise tier.

BAA + agreements

Signed before kickoff. Sample BAA + MSA + SOW available on request.

Infrastructure

AWS HIPAA-eligible · US data residency · multi-AZ · RPO 1hr · RTO 4hr · optional dedicated VPC.

Access controls

RBAC per location, per agent, per data type · SSO (Okta/Azure AD) · immutable audit logs.

Penetration testing

Annual third-party pen test · summary in Trust Pack · full report under NDA.

Uptime

99.97% SLA, service-credited · public status page · postmortems within 5 business days.

Vendor risk

SIG + CAIQ pre-filled · turnaround in 5 business days · HITRUST mapping available.

Model governance

Zero PHI in model training · per-customer model isolation · output review trails for clinical agents.