Security & compliance

HIPAA Compliance

Wrapped Health is designed to operate as a HIPAA-compliant Business Associate. We enter into Business Associate Agreements (BAAs) with healthcare providers and handle Protected Health Information (PHI) in accordance with HIPAA requirements.

Our platform is built with a “PHI-light” approach, minimizing the health information we store to only what is necessary to facilitate product recommendations.

Data Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. We never store unencrypted patient information.

Access Controls

We implement strict access controls based on the principle of least privilege. Provider authentication is handled through secure EMR integrations using industry-standard protocols (SMART on FHIR, OAuth 2.0).

All access to patient data is logged and auditable. Only authenticated providers within the clinical context can initiate messages to their patients.

Infrastructure

Our infrastructure is hosted on SOC 2-compliant cloud providers. We use isolated environments, regular security assessments, and automated monitoring to protect against threats.

Security Practices

  • Regular security audits and vulnerability assessments
  • Employee security training and background checks
  • Incident response procedures
  • Secure software development practices
  • Multi-factor authentication for all internal systems

Questions?

For security inquiries or to request our BAA, contact us at hello@getwrappedhealth.com.