HIPAA
Companion is designed to be deployed in environments that handle protected health information. HIPAA-readiness is built into the architecture rather than added later.
What That Means in Practice
- Encryption at rest and in transit for all sensitive data
- Role-based access controls and audit logging
- Minimum-necessary data handling principles
- Defined incident response and breach notification pathways
- Workforce training requirements for staff with access
- Vendor and subprocessor review for any handling of PHI-adjacent data
Business Associate Agreements
Where Companion engagements involve protected health information on behalf of a covered entity, we operate under a Business Associate Agreement. Standard BAA terms are available to qualified counterparties as part of facility, health system, and program partner diligence.
Diligence Materials
Security and compliance documentation, including current control posture, subprocessor lists, and audit-track materials, is provided to qualified counterparties under standard review. To request the package, contact contact@companion-care.ai.
This page describes our compliance posture and is updated as attestations and controls advance. It is not a substitute for the formal documentation provided under counterparty diligence.