Compliance & Security
Overview of the 1health platform security architecture and compliance practices. For specific commitments, SLAs, and contractual terms, please contact our team.
HIPAA-Compliant Infrastructure
The platform is designed to support HIPAA compliance requirements including the Privacy Rule, Security Rule, and Breach Notification Rule. Contact us for details on specific controls.
BAA Available
A standard Business Associate Agreement is available for paid plans. Contact our team for details.
SOC 2 Type II
Annual SOC 2 Type II audit covering security, availability, processing integrity, confidentiality, and privacy. Reports available to Enterprise customers upon request.
High-Availability Architecture
Redundant infrastructure across multiple AWS regions. Real-time status monitoring at status.1health.io. Specific availability targets are defined per plan.
Security Architecture
The platform is designed so that PHI is processed server-side within compliant infrastructure. The API acts as a secure gateway between your application and healthcare data sources, handling authentication, authorization, rate limiting, and audit logging.
Encryption at Rest
Data is encrypted at rest with AES-256. Database-level encryption uses AWS KMS with automatic key rotation.
Encryption in Transit
TLS 1.3 enforced on all API endpoints. Certificate pinning supported for mobile SDKs.
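A customer evaluating the "TLS 1.3 enforced" statement above can verify it from the client side rather than take it on trust. The script below is an added example, not 1health code: it attempts one handshake that permits only TLS 1.3 and one capped at TLS 1.2 and reports the claim as holding only when the first succeeds and the second is refused. The hostname api.example.com is a placeholder; the page does not publish an API hostname, so substitute the endpoint from your own integration.

```python
"""Client-side check of a "TLS 1.3 enforced" claim (added illustration, not 1health code)."""
import socket
import ssl

TLS13_ONLY = "tls13_only"      # handshake permitting TLS 1.3 and nothing else
TLS12_CAPPED = "tls12_capped"  # handshake capped at TLS 1.2; should be refused


def _context(minimum, maximum):
    # Default context keeps chain and hostname verification on; we only pin the version window.
    ctx = ssl.create_default_context()
    ctx.minimum_version = minimum
    ctx.maximum_version = maximum
    return ctx


def probe(host, port=443, timeout=5.0):
    """Return {TLS13_ONLY: negotiated version or None, TLS12_CAPPED: negotiated version or None}.

    None means the server refused the handshake or the connection failed.
    """
    attempts = {
        TLS13_ONLY: _context(ssl.TLSVersion.TLSv1_3, ssl.TLSVersion.TLSv1_3),
        TLS12_CAPPED: _context(ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_2),
    }
    results = {}
    for name, ctx in attempts.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    results[name] = tls.version()  # e.g. "TLSv1.3"
        except (ssl.SSLError, OSError):
            results[name] = None
    return results


def enforces_tls13(results):
    """True only if TLS 1.3 was negotiated AND a TLS 1.2-capped client was turned away."""
    return results.get(TLS13_ONLY) == "TLSv1.3" and results.get(TLS12_CAPPED) is None


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "api.example.com"  # placeholder host
    outcome = probe(target)
    print(outcome)
    print("TLS 1.3 enforced:", enforces_tls13(outcome))
```

A server that still accepts the TLS 1.2-capped handshake is not "enforcing" TLS 1.3, it is merely offering it; the second probe is what distinguishes the two. Run the check against each API hostname you integrate with, since a statement about "all API endpoints" is only as good as the least strict one.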
Access Controls
Role-based access control (RBAC) with fine-grained permissions. API keys scoped to specific resources and actions.
Audit Logging
API calls, data access, and administrative actions are logged with audit trails. Retention periods vary by plan.
Questions about Compliance?
For BAA requests, SOC 2 reports, security questionnaires, or specific compliance questions, contact our team directly.