HIPAA Compliance

Last updated: March 5, 2026

Our Commitment

CortexKai is built from the ground up to meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Protecting patient data is foundational to everything we build.

Business Associate Agreements

We execute Business Associate Agreements (BAAs) with all customers who process Protected Health Information (PHI) through our platform. Our BAA outlines our responsibilities for safeguarding PHI and our obligations in the event of a data breach.

Administrative Safeguards

  • Designated Security and Privacy Officers
  • Workforce training on HIPAA policies and procedures
  • Regular risk assessments and management
  • Documented policies for access management and incident response
  • Business associate management and oversight

Technical Safeguards

  • AES-256 encryption for data at rest
  • TLS 1.2+ encryption for data in transit
  • Role-based access controls (RBAC) with least-privilege principles
  • Multi-factor authentication (MFA) for all platform access
  • Comprehensive audit logging and monitoring
  • Automatic session timeouts and access revocation

Physical Safeguards

  • Infrastructure hosted on SOC 2 Type II certified cloud providers
  • Data center access restricted to authorized personnel
  • Redundant systems and disaster recovery procedures
  • Secure workstation and device policies for all employees

Breach Notification

In the event of a breach of unsecured PHI, CortexKai will notify affected covered entities without unreasonable delay and no later than 60 days after discovery, as required by the HIPAA Breach Notification Rule. We maintain a documented incident response plan that is tested regularly.

Minimum Necessary Standard

Our AI agents are designed to access only the minimum necessary PHI required to perform their designated functions. Data access is scoped per agent, per task, and per session to limit exposure.

Questions

For questions about our HIPAA compliance program or to request a BAA, contact us at [email protected] or call us at (714) 723-4408.