Skip to content
HealthcareReady

US Health Insurance Portability and Accountability Act

Desha.ai supports HIPAA-ready workflows for US covered entities and their business associates. We will sign a Business Associate Agreement (BAA), apply the Security Rule’s administrative, physical and technical safeguards to Protected Health Information (PHI), and honour the minimum-necessary and breach-notification requirements. (HIPAA has no government “certification”; conformance is demonstrated through the BAA and our control attestations.)

Request documentation Last reviewed June 2026
DESHA.AI Trust Center

HIPAA

US Health Insurance Portability and Accountability Act
Status: Ready
Jurisdiction: United States
Reviewed: June 2026

At a glance

Statute
HIPAA Privacy, Security & Breach Notification Rules
Our role
Business Associate (BAA available)
Safeguards
Administrative, Physical, Technical
PHI encryption
AES-256 at rest, TLS 1.2+ in transit
Audit
Access logging & monitoring

Business Associate Agreement

Where Desha.ai handles PHI on behalf of a covered entity, we execute a BAA defining permitted uses, safeguards, sub-contractor obligations and breach reporting. PHI is processed only to deliver the contracted service.

Security Rule safeguards

SafeguardExamples in the platform
AdministrativeRisk analysis, workforce training, access management, incident response
PhysicalCloud data centres with physical-security attestations; managed device posture
TechnicalUnique IDs, role-based access, encryption, audit controls, automatic logoff

Privacy Rule & minimum necessary

  • Access to PHI is limited to the minimum necessary for the task, enforced by role-based access control.
  • PHI can be redacted in exports and is never used to train third-party foundation models.
  • Patients retain rights of access and amendment through the covered entity.

Breach notification

A documented incident-response process supports the covered entity’s breach-notification obligations, including timely reporting of any incident affecting PHI.

Documentation available on request

  • Business Associate Agreement (BAA) template
  • Security Rule safeguards summary
  • Encryption & key-management overview
  • Incident-response summary

Provided to qualified reviewers under a mutual NDA via contactus@desha.ai.

This page summarises Desha.ai’s posture for due-diligence review and does not disclose internal systems or security-sensitive detail. It is informational and not a warranty or legal advice. For contractual terms request our DPA / BAA at contactus@desha.ai.