Compliance is not an add-on. It's the foundation.

8 regulatory standards built into every layer of the platform. Not bolted on. Not optional.

HIPAA

Compliant

Health Insurance Portability and Accountability Act

Full HIPAA compliance with PHI encryption at rest and in transit, BAA execution, role-based access controls, and comprehensive audit trails.

  • ✓ PHI encryption (AES-256 at rest, TLS 1.3 in transit)
  • ✓ Business Associate Agreement on all paid plans
  • ✓ Minimum necessary access principle enforced
  • ✓ Automated audit logging of all PHI access
  • ✓ Breach notification workflow
  • ✓ Annual risk assessment process

FDA 21 CFR Part 11

Compliant

Electronic Records; Electronic Signatures

Electronic records and signatures that meet FDA requirements for clinical trial data integrity, traceability, and non-repudiation.

  • ✓ Tamper-evident audit trails on all records
  • ✓ Electronic signatures with multi-factor auth
  • ✓ System validation documentation (IQ/OQ/PQ)
  • ✓ User authority verification
  • ✓ Record retention and archival
  • ✓ Computer system validation protocols

ISO 13485

Certified

Medical Devices Quality Management

Quality management system for medical device software development, ensuring consistent design, development, and delivery processes.

  • ✓ Design and development controls
  • ✓ Risk management per ISO 14971
  • ✓ Document control and change management
  • ✓ CAPA (Corrective and Preventive Action)
  • ✓ Supplier management processes
  • ✓ Management review and continuous improvement

IEC 62304

Compliant

Medical Device Software Lifecycle

Software lifecycle processes for medical device software, from requirements through maintenance and decommissioning.

  • ✓ Software development planning
  • ✓ Requirements analysis and traceability
  • ✓ Architectural design documentation
  • ✓ Unit and integration testing protocols
  • ✓ Software release and maintenance processes
  • ✓ Problem resolution tracking

GDPR

Ready

General Data Protection Regulation

EU data protection compliance with data subject rights, cross-border transfer safeguards, and privacy by design.

  • ✓ Data subject access request (DSAR) handling
  • ✓ Right to erasure implementation
  • ✓ Data portability (FHIR export)
  • ✓ Privacy impact assessments
  • ✓ Data processing agreements
  • ✓ EU data residency option (Enterprise)

ICH E6(R3)

Aligned

Good Clinical Practice

Aligned with the latest ICH GCP guidelines for quality-by-design clinical trials, risk-based monitoring, and proportionate approaches.

  • ✓ Quality-by-design trial framework
  • ✓ Risk-based monitoring support
  • ✓ Centralized statistical monitoring
  • ✓ Protocol deviation tracking
  • ✓ Informed consent management
  • ✓ Essential document management (TMF)

Security Infrastructure

Encryption

  • AES-256 at rest
  • TLS 1.3 in transit
  • AWS KMS key management

Access Control

  • MSS SSO/SAML
  • MSS fine-grained policy decisions
  • Multi-factor authentication

Infrastructure

  • AWS ECS (US, EU)
  • Multi-tenant PHI isolation
  • Automated backups (hourly)

Monitoring

  • ELK Stack logging
  • Real-time anomaly detection
  • Zero Trust audit framework

BAA included on every paid plan

Unlike competitors who gate HIPAA BAA behind Enterprise pricing, we include it on Starter and above. Clinical software should be compliant by default.