We built RetainOS with HIPAA requirements baked in from day one. While we're not a Covered Entity (that's you, the clinic), our platform is designed to support your HIPAA compliance program.
All PHI is encrypted with AES-256 at rest (Supabase PostgreSQL RDS) and with TLS 1.3 in transit. Backups are encrypted as well.
Role-based access control with admin, clinician, and patient roles. Unique user IDs, automatic session timeout, and audit logs for every PHI access event.
We execute Business Associate Agreements with every clinic. Our subprocessors (Supabase, Cloudflare) also sign BAAs and maintain SOC 2 Type II reports.
Every access to patient data is logged with timestamp, user ID, action type, and IP address. Logs are immutable and retained for 6 years.
We provide Business Associate Agreements as part of the onboarding process. Sign up and we'll send one over within 24 hours.