Every PHI access is logged with who, what, and when in a tamper-evident trail. Agent or human — no exceptions, no gaps.
Paranoid by design. Audited by default.
AI in healthcare only works if every action is accountable. MedOp logs everything, gates the dangerous stuff, and hands you the off switch.
All PHI is AES-256 encrypted at rest and TLS 1.3 in transit. Encryption keys are managed with strict rotation policies.
Controlled actions like eRx require fresh time-based OTP from a human provider. AI agents cannot prescribe without human confirmation.
Automatic encrypted snapshots with geographically distributed storage and tested restore paths. RTO under 4 hours.
Front desk, billers, and providers each see exactly what their role requires. Granular permission sets, not all-or-nothing access.
Disable any agent instantly, practice-wide, from the admin console. No support ticket. No waiting period.
Multi-tenant architecture with strict data isolation. No cross-practice data leakage. Verified by automated tests on every release.
Continuous eval gates, drift checks, and tenant-isolation audits run against every deployment before any code reaches production.
MedOp signs a BAA with every practice. HIPAA requires it — we make it standard, not optional.
Security questions, answered directly
MedOp is designed to support HIPAA compliance. We sign a Business Associate Agreement (BAA) with every practice, maintain a HIPAA-aligned audit trail for all PHI access, encrypt data at rest and in transit, and implement access controls required by the HIPAA Security Rule.
PHI is stored in encrypted form in US-based cloud infrastructure. Data never leaves US borders. Encryption at rest uses AES-256; encryption in transit uses TLS 1.3.
Agents operate within strict role-based access control. Each agent type has a defined scope of data access, and all PHI access is logged in the audit trail regardless of whether it was an agent or human action.
You can export your data in standard formats at any time. MedOp supports FHIR-compliant data export. Your data is yours.
Ready to review the full security posture?
We'll walk you through our audit trail, BAA, and security controls in your demo.
Book a security walkthrough →