PreClaim

Healthcare data security isn't a feature. It's the foundation.

PreClaim handles PHI every day. Here's exactly how we protect it — no marketing language, just the technical reality.

HIPAA Compliant

Full administrative, physical, and technical safeguards. BAA signed with every data partner before any PHI is transmitted.

SOC 2 Type II

Independent audit of security controls, availability, processing integrity, confidentiality, and privacy. Audit in progress — targeting Q3 2026 certification.

Encryption Everywhere

AES-256 encryption at rest. TLS 1.3 in transit. Zero plaintext PHI at any layer — database, cache, logs, backups.

How your data flows through PreClaim

1. Ingest

835/ERA files ingested via encrypted API or SFTP. Files are validated, parsed, and the original is archived in encrypted storage. No data touches unencrypted disk at any point.

2. Process

Patient matching queries are sent over mTLS. Only the minimum necessary identifiers are transmitted. Responses are encrypted immediately upon receipt.

3. Analyze

AI policy matching runs in isolated compute environments. No PHI is sent to third-party LLM APIs — all policy analysis uses on-infrastructure models or BAA-covered services only.

4. Store

Evidence profiles stored in AES-256 encrypted database with field-level encryption for sensitive identifiers. Access logged via immutable audit trail. Automatic data retention policies enforced.

5. Deliver

Scorecard results transmitted to authenticated users over TLS 1.3. Role-based access controls ensure coordinators see only their assigned patients. All access logged.

Vendor & partner security

Metriport | HIE data (CommonWell + Carequality) | ✓ BAA | ✓ SOC 2 | mTLS + AES-256
Google Cloud | Infrastructure | ✓ BAA | ✓ SOC 2 | AES-256 + CMEK
Retell AI | Voice outreach | ✓ BAA | ✓ SOC 2 | TLS 1.3
Infinitus | PA submission | ✓ BAA | ✓ SOC 2 | TLS 1.3
SendGrid | Patient forms | ✓ BAA | ✓ SOC 2 | TLS 1.3

Audit Trail

Every data access is logged with timestamp, user, action, and patient ID. Immutable write-once logs stored for 7 years. Available for compliance review on request.

Free Audit Data Handling

For free denial audits: BAA signed before upload. Data encrypted immediately on receipt. Analysis completed within 7 days. Data deleted after analysis unless you opt in.

Questions about our security practices?

Request our full security documentation