Security and compliance, built in.
Altehra is designed for healthcare from the ground up. HIPAA-eligible, BAA-backed, audited, and reviewed.
Encryption at rest and in transit
AES-256 encryption across all storage. TLS 1.2+ for all network traffic. AWS KMS-managed keys with rotation policies.
HIPAA-eligible infrastructure
Built on HIPAA-eligible AWS services with BAAs in place across every vendor that handles PHI — including foundation model providers.
SOC 2 and HITRUST
SOC 2 Type 1 audit completed; Type 2 in progress. HITRUST CSF evaluation underway for enterprise-grade customers.
Role-based access control
Least-privilege defaults. Per-role permissions for BCBAs, RBTs, billers, admins. Break-glass access logged and reviewable.
Comprehensive audit logging
Every PHI read and write is logged with user, timestamp, and reason. Retained for the HIPAA-required minimum of six years.
Backup and disaster recovery
Automated daily backups with 35-day retention. Cross-region replication. Documented RTO/RPO with quarterly DR drills.
Business Associate Agreements
Altehra signs a BAA with every qualified customer. We maintain BAAs with all subprocessors handling PHI, including Anthropic for AI inference, AWS for infrastructure, and Clerk for identity. Our compliance team is available to walk through specifics with your privacy officer or counsel.
Need our compliance documentation packet? Contact us — we share it under NDA with qualified prospects.