01 Our commitment
HIPAA compliance is not an add-on. It is the foundation of every system we build. All client data is processed on private, encrypted infrastructure with zero exposure to public AI platforms.
02 What is HIPAA
The Health Insurance Portability and Accountability Act establishes national standards for protecting sensitive patient health information (Protected Health Information, or PHI) from being disclosed without the patient's consent or knowledge. As a technology partner to healthcare practices, Seqora AI operates as a Business Associate and adheres to all applicable HIPAA requirements.
03 Technical safeguards
Our infrastructure implements comprehensive technical safeguards to protect PHI:
- End-to-end encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256) across every system and communication channel.
- Isolated server infrastructure: Client data is processed on private, isolated servers, never on shared public AI platforms.
- Access controls: Role-based access with multi-factor authentication. Only authorised personnel can access client systems and data.
- Audit trails: Comprehensive logging of all data access, modifications, and system interactions for full traceability.
- Automatic session termination: Inactive sessions are automatically terminated to prevent unauthorised access.
04 Administrative safeguards
- Business Associate Agreements: We execute BAAs with all healthcare clients before handling any PHI, as required by HIPAA.
- Employee training: All team members undergo HIPAA compliance training and are bound by confidentiality agreements.
- Incident response: Documented incident response plan for potential data breaches, including notification procedures within HIPAA-required timeframes.
- Risk assessments: Regular security risk assessments to identify and mitigate potential vulnerabilities.
- Vendor management: All third-party vendors and subprocessors are vetted for HIPAA compliance before integration.
05 Physical safeguards
- Secure data centres: Our infrastructure is hosted in SOC 2 Type II certified data centres with physical access controls, surveillance, and environmental protections.
- Data sovereignty: Client data is stored within specified geographic regions and never transferred to unauthorised jurisdictions.
06 What this means for your practice
When you work with Seqora AI, you can be confident that:
- Patient data never touches a public AI platform
- All communications (SMS, email, voice) are sent through HIPAA-compliant channels
- Your AI receptionist, intake forms, and automation workflows meet or exceed HIPAA requirements
- Complete audit trails are available for compliance reviews
- A signed BAA covers all data handling between your practice and Seqora AI
07 Additional compliance standards
Beyond HIPAA, our systems support compliance with:
- SOC 2: Service Organisation Control standards for security, availability, and confidentiality
- Attorney-client privilege: For law firm clients, our systems maintain the confidentiality required by legal ethics rules
- State privacy laws: Including CCPA (California) and other applicable state-level privacy regulations
08 Questions about compliance
We're happy to discuss our compliance framework in detail, provide documentation for your compliance officer, or walk through our security architecture during a consultation.