Security & HIPAA
Security is the foundation, not an afterthought.
EMRxAI is built to help home health agencies safeguard Protected Health Information (PHI) and meet their HIPAA obligations. Here's how we protect your data at every layer.
Encryption everywhere
PHI is encrypted in transit with TLS 1.2+ and encrypted at rest using strong, industry-standard algorithms.
Role-based access control
Least-privilege permissions ensure clinicians, billers, and administrators only see the data their role requires.
Audit logging
Access to PHI is logged and monitored, creating a traceable record to support investigations and survey readiness.
Secure hosting
Infrastructure runs on reputable cloud providers offering physical, network, and environmental safeguards.
Backups & recovery
Regular backups and disaster-recovery practices are designed to protect data availability and integrity.
HIPAA-aligned program
Administrative, physical, and technical safeguards are modeled on the HIPAA Security Rule requirements.
Business Associate Agreements
As a service provider that handles PHI on behalf of covered entities, EMRxAI will enter into a Business Associate Agreement (BAA) with every customer that requires one. The BAA defines our responsibilities for safeguarding PHI and governs how that information is used and disclosed. Learn more about our BAA.
Incident response
We maintain an incident-response process designed to detect, contain, and respond to security events. In the event of a breach of unsecured PHI, we will notify affected customers in accordance with the HIPAA Breach Notification Rule and the terms of the applicable BAA.
Responsible disclosure
If you believe you've found a security vulnerability, please contact us at contact@emrxai.com so we can investigate promptly.
This page describes our security practices in general terms and does not create any warranty or contractual obligation. Specific safeguards and commitments are governed by your service agreement and BAA.