Compliance & HIPAA
Privacy, controls, and transparency.
Compliance isn't just about meeting regulations—it's about earning trust. When patients share their health information, they're trusting you to protect it. When clinics use our tools, they're trusting us to handle that responsibility seriously. Every decision we make about data, security, and privacy starts with that trust.
BAAs, privacy notices, and governance artifacts are versioned, access-controlled, and available to every clinic partner. Crisis redirects, PHI minimization, and retention windows are enforced by design.
Data Protection
How we respect patient information
Your data stays yours
Patient information belongs to patients and their clinics. We never sell data or use it for purposes outside of supporting your care.
Access only when needed
Team members only see the information they need to do their job. Everyone else is locked out.
Patients control their information
Patients can request to see their data or ask for it to be removed at any time.
Security by design
Patient information is encrypted and protected with the same standards used by hospitals and health systems.
Clear accountability
Every action involving patient data is logged so there's always a record of who did what and when.
Policies
Versioned documentation
Policies are sourced from the Cloudain core repository and versioned for audit. Public copies live within this site for transparency.
BAA workflow
Clinics sign BAAs during onboarding. Enterprise partners coordinate BAAs through our legal team. Signed copies are stored securely and versioned.
Need more detail?
Schedule a compliance walkthrough
Connect with our compliance team to review policies, BAAs, or sign custom rider agreements. We respond within 1 business day.