Security & Compliance Overview

MedXtract is built with enterprise-grade security controls to protect your most sensitive healthcare data.

Data Protection

HIPAA-aligned architecture with BAA available
AES-256 encryption at rest using AWS KMS
TLS 1.2+ encryption in transit
Data residency controls and geographic restrictions

Access Control

Role-based access control (RBAC) with least privilege
Multi-factor authentication (MFA) required
Session management with configurable timeouts
API key rotation and management

Network Security

Private VPC with security groups
Web Application Firewall (WAF) protection
DDoS protection and rate limiting
Network segmentation and isolation

Audit & Monitoring

Comprehensive audit logging via AWS CloudTrail
S3 Object Lock for immutable audit logs
6-year retention policy for compliance
Real-time security monitoring and alerting

Infrastructure

AWS compliant infrastructure
Regular security assessments and penetration testing
Automated vulnerability scanning
Incident response procedures and documentation

Key Management

AWS KMS for encryption key management
Per-environment key isolation
Automated key rotation policies
Hardware security module (HSM) protection

Compliance & Certifications

AWS Compliance

• HIPAA Eligible Services
• ISO 27001, 27017, 27018
• PCI DSS Level 1

Application Controls

• HIPAA-aligned architecture
• Business Associate Agreement (BAA) available
• Data processing agreements
• Regular security assessments

Need more details? Contact our security team for a comprehensive security review.

Contact Security Team Review BAA Template