HIPAA Compliance

Date: 2025-01-01

ALTCHA is fully HIPAA compliant.

ALTCHA is a self-hosted, security-first solution designed to simplify compliance with the Health Insurance Portability and Accountability Act (HIPAA). Unlike third-party services, it operates entirely within your infrastructure, ensuring no unauthorized access, data breaches, or external processing of protected health information (PHI) — keeping sensitive data fully under your control.

HIPAA Compliance

1. No Built-in Storage or Transmission of PHI

By default, ALTCHA does not collect, store, or transmit:

Protected Health Information (PHI) – It does not process patient-identifiable data unless explicitly configured to do so by the user.

Unencrypted Data Transfers – All communications use secure protocols (e.g., HTTPS).

As a self-hosted solution, PHI may be stored or processed depending on how you implement ALTCHA. It is your responsibility to ensure that your usage does not introduce PHI exposure outside HIPAA-compliant boundaries.

For more technical details on how Sentinel respects and protects user privacy, please see the Privacy Protection documentation.

2. Fully Self-Hosted

All data processing occurs within your secured environment — no reliance on external cloud providers.

No third-party access — ensuring PHI never leaves your HIPAA-compliant infrastructure.

3. Audit Trails & Access Controls

Supports integration with HIPAA-mandated audit logs for access monitoring.

Role-based access control (RBAC) compatible—restricts system access to authorized personnel only.

4. No Business Associate Agreements (BAAs) Required

No subprocessors or vendors — eliminating the need for third-party BAAs.

No external dependencies — reducing compliance overhead.

HIPAA Compliance Checklist

While ALTCHA is compliant by design, ensure your implementation aligns with HIPAA requirements:

PHI Awareness – Avoid introducing PHI into ALTCHA unless your deployment is HIPAA-secure.

Encryption – All data in transit is encrypted (TLS).

Access Logging – Integrates with audit trails for compliance reporting.

Infrastructure Hardening – Deploy within a HIPAA-secured network (firewalls, access controls).

Why It Matters

HIPAA compliance is streamlined with ALTCHA:

Self-hosted = Full control over PHI environments.

No third parties = No BAAs or vendor risk assessments.

No data retention by default = Reduced breach liability.

By design, ALTCHA minimizes compliance burdens while safeguarding sensitive healthcare workflows.

ALTCHA is designed to support HIPAA-compliant implementations, but final responsibility for regulatory compliance lies with you, the data controller. Ensure your deployment does not introduce additional data processing or storage beyond what ALTCHA provides.