Security & HIPAA
Last updated: [effective date]
Our commitment
Orion AI is built for HIPAA-compliant practices, with security considered from day one. [Verify each claim below against your actual controls before publishing.]
HIPAA and your BAA
We sign a Business Associate Agreement with practices that handle protected health information. The BAA sets out our obligations for safeguarding PHI.
Encryption
Data is encrypted in transit, and at rest where applicable, using industry-standard methods.
Access controls
Access to data is restricted on a need-to-know basis, with single sign-on and role-based access for multi-location groups.
Local-first option
For practices that need patient data to stay inside their own network, Orion can run locally on a machine in your office.
Infrastructure and monitoring
The service runs on reputable cloud infrastructure with logging and monitoring designed to detect and respond to issues.
Incident response
We maintain a process to investigate and respond to security incidents and to notify affected practices as required.
Report a vulnerability
Found a security issue? See our security.txt or call 929-674-6621.
Contact
Questions about this security & hipaa? Reach us at our contact page or call 929-674-6621.
