HIPAA Compliance
ALTCHA is fully HIPAA compliant.
ALTCHA is a self-hosted, security-first solution designed to simplify compliance with the Health Insurance Portability and Accountability Act (HIPAA). Unlike third-party services, it operates entirely within your infrastructure, ensuring no unauthorized access, data breaches, or external processing of protected health information (PHI) — keeping sensitive data fully under your control.
HIPAA Compliance
1. No Built-in Storage or Transmission of PHI
By default, ALTCHA does not collect, store, or transmit:
- Protected Health Information (PHI) – It does not process patient-identifiable data unless explicitly configured to do so by the user.
- Unencrypted Data Transfers – All communications use secure protocols (e.g., HTTPS).
As a self-hosted solution, PHI may be stored or processed depending on how you implement ALTCHA. It is your responsibility to ensure that your usage does not introduce PHI exposure outside HIPAA-compliant boundaries.
For more technical details on how Sentinel respects and protects user privacy, please see the Privacy Protection documentation.
2. Fully Self-Hosted
- All data processing occurs within your secured environment — no reliance on external cloud providers.
- No third-party access — ensuring PHI never leaves your HIPAA-compliant infrastructure.
3. Audit Trails & Access Controls
- Supports integration with HIPAA-mandated audit logs for access monitoring.
- Role-based access control (RBAC) compatible: restricts system access to authorized personnel only.
4. No Business Associate Agreements (BAAs) Required
- No subprocessors or vendors — eliminating the need for third-party BAAs.
- No external dependencies — reducing compliance overhead.
HIPAA Compliance Checklist
While ALTCHA is compliant by design, ensure your implementation aligns with HIPAA requirements:
- PHI Awareness – Avoid introducing PHI into ALTCHA unless your deployment is HIPAA-secure.
- Encryption – All data in transit is encrypted (TLS).
- Access Logging – Integrates with audit trails for compliance reporting.
- Infrastructure Hardening – Deploy within a HIPAA-secured network (firewalls, access controls).
Why It Matters
HIPAA compliance is streamlined with ALTCHA:
- Self-hosted = Full control over PHI environments.
- No third parties = No BAAs or vendor risk assessments.
- No data retention by default = Reduced breach liability.
By design, ALTCHA minimizes compliance burdens while safeguarding sensitive healthcare workflows.
ALTCHA is designed to support HIPAA-compliant implementations, but final responsibility for regulatory compliance lies with you, the data controller. Ensure your deployment does not introduce additional data processing or storage beyond what ALTCHA provides.