Security Audit
Bounded Health maintains enterprise-grade security controls for protected health information (PHI) and institutional data. Our infrastructure is designed for regulatory compliance and operational reliability.
HIPAA Compliance
We operate as a HIPAA Business Associate. All data handling, storage, and transmission protocols comply with HIPAA Privacy and Security Rules. Business Associate Agreements (BAAs) are executed with all covered entity partners.
Data Encryption
All PHI is encrypted at rest using AES-256. Data in transit is protected using TLS 1.3. Encryption keys are managed through dedicated key management infrastructure with role-based access controls.
Access Controls
System access follows the principle of least privilege. Role-based access controls (RBAC) ensure that employers receive only aggregate, de-identified reporting. Individual patient data is accessible only to authorized clinical personnel.
Audit Logging
All system access, data queries, and administrative actions are logged with immutable audit trails. Logs are retained in compliance with regulatory requirements and are available for institutional review.
Third-Party Audits
Security controls are subject to annual third-party security assessments. SOC 2 Type II certification is maintained for institutional assurance. Audit reports are available to contracted partners under NDA.
Incident Response
We maintain a documented incident response plan that includes breach notification protocols, forensic analysis procedures, and remediation workflows. Security incidents are reported in accordance with HIPAA breach notification requirements.
Security Inquiries
For security questionnaires, audit documentation requests, or incident reporting.
