HIPAA Compliance
Joyera is fully HIPAA compliant. We implement comprehensive safeguards to protect your patients' Protected Health Information (PHI).
Encryption
All data encrypted with AES-256 at rest and TLS 1.3 in transit. Zero-trust architecture.
Access Controls
Role-based access controls (RBAC) with multi-factor authentication required for all accounts.
Audit Logging
Comprehensive audit trails for all PHI access, retained for 7 years per HIPAA requirements.
Business Associate Agreements
We sign BAAs with all customers and maintain BAAs with our subprocessors including AI providers.
Security Controls
Administrative, physical, and technical safeguards compliant with the HIPAA Security Rule.
Breach Notification
Incident response procedures with breach notification within 60 days as required by HIPAA.
Our HIPAA Compliance Commitments
1. We sign BAAs with all customers
Before you can use Joyera with PHI, you must accept our Business Associate Agreement.
2. We never sell PHI
We do not sell, rent, or share PHI with third parties for marketing or advertising purposes.
3. We don't use identifiable PHI for AI training
We never use identifiable PHI to train AI models. De-identified and blinded data may be used to improve billing outcomes.
4. SOC 2 Ready
Our security controls are aligned with SOC 2 Trust Service Criteria. We maintain comprehensive security policies and procedures.
Important: We Are NOT a Designated Record Set
Joyera is an AI-powered documentation assistance tool, not an Electronic Health Record (EHR) or Designated Record Set as defined by HIPAA. You are responsible for transferring AI-generated documentation to your official EHR system. See our Terms of Service for details.
Questions about our HIPAA compliance? Contact our Privacy Officer