How We Protect Your Data
Encryption at Rest
All data stored in our systems is encrypted with AES-256, the same standard used by banks and government agencies.
Encryption in Transit
All data transmitted to and from our servers is protected with TLS 1.3, so the connection is encrypted and authenticated end to end.
HIPAA-Eligible Infrastructure
We run on AWS HIPAA-eligible services with a signed Business Associate Agreement (BAA) in place.
Automatic Data Deletion
Uploaded documents are automatically and permanently deleted from our servers 30 days after processing.
Access Controls
Strict role-based access controls ensure only authorized personnel can access systems containing PHI.
Audit Logging
Comprehensive audit logs track all access to PHI, supporting compliance monitoring and incident response.
Our HIPAA Commitment
As a Business Associate under HIPAA, SettleOn AI takes the protection of Protected Health Information (PHI) seriously. We maintain administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of all PHI we process.
Business Associate Agreement
SettleOn AI will execute a Business Associate Agreement (BAA) with covered entities upon request. The BAA outlines our responsibilities for protecting PHI and our commitment to HIPAA compliance.
To request a BAA, please contact us at support@settleon.ai.
Technical Safeguards
- AES-256 encryption for all stored data
- TLS 1.3 for all data transmission
- Multi-factor authentication available for all accounts
- Automatic session timeouts
- Unique user identification and access tracking
- Regular vulnerability scanning and penetration testing
Administrative Safeguards
- Designated Security Officer responsible for HIPAA compliance
- Regular employee training on HIPAA requirements
- Background checks for employees with access to PHI
- Incident response procedures for potential breaches
- Regular risk assessments and policy reviews
Physical Safeguards
- AWS data centers with SOC 2 Type II certification
- Physical access controls and monitoring
- Environmental controls (fire suppression, climate control)
- Media disposal procedures for hardware containing PHI
Your Responsibilities
While we provide a HIPAA-compliant platform, users are responsible for:
- Ensuring they have the right to process uploaded documents
- Using strong passwords and enabling multi-factor authentication
- Not sharing account credentials
- Reporting any suspected security incidents
- Complying with their own HIPAA obligations as covered entities
Breach Notification
In the unlikely event of a breach involving PHI, we will notify affected parties in accordance with HIPAA breach notification requirements. We maintain incident response procedures to quickly identify, contain, and remediate any security incidents.
Questions?
For questions about our HIPAA compliance or to request a BAA, contact our compliance team at support@settleon.ai or visit our Contact page.