Skip to content
NeuroLTC

Security & compliance

Built for healthcare security standards

We're building toward formal certification with a security-first architecture from day one. What follows is our actual posture — stated plainly, with nothing we haven't earned.

HIPAA-minded architecture

Facility-scoped access controls, role-based permissions, and function-level authorization on every data path. AI features receive PHI-minimized inputs — internal identifiers, never names.

BAA available for facility customers

We execute a Business Associate Agreement with every facility customer before any protected health information is processed — the BAA governs how PHI is handled.

SOC 2 Type II — on the roadmap

SOC 2 Type II (AICPA Trust Services Criteria) is on our roadmap, not on our wall. We will not display a badge for a certification we do not yet hold.

Comprehensive audit logs

Every access and change is logged with timestamps, user attribution, and change tracking. The same audit trail that backs our reports backs our own accountability.