HIPAA Compliance
Aibexx is built from the ground up for healthcare environments where patient data protection is not optional. This page outlines how Aibexx supports your institution's HIPAA compliance obligations.
Our Approach to HIPAA
Aibexx operates as a governance and orchestration layer between your institution's applications and AI models. We do not store patient records and the platform is not a system of record for patient data: it intercepts, optimizes, and logs AI requests at the API layer, so it is designed to handle healthcare workflows without becoming a repository of protected health information (PHI).
How Aibexx Supports HIPAA Compliance
- Immutable Audit Trails — every AI agent action is logged as a hash-chained, tamper-evident record tagged with user identity, department, and workflow owner, giving your compliance team a complete and verifiable record of all AI activity
- Role-Based Access Control (RBAC) — four roles (Admin, Clinical, Finance, Service) restrict each workflow and its data to authorized personnel
- Encryption in Transit and at Rest — all data is encrypted in transit and at rest, with encryption keys managed by AWS Key Management Service (KMS)
- Private VPC Deployment — Aibexx runs inside private Virtual Private Cloud (VPC) subnets on AWS rather than on publicly addressable hosts, so the platform itself is not exposed on public networks
- Agent Identity Registry — every AI call is tagged with an owner and identity, so there are no anonymous API calls touching your workflows
- Department-Level Budget Controls — spending alerts and hard-stop controls ensure AI usage stays within authorized boundaries per department
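To make concrete what a hash-chained, tamper-evident audit record means in practice, here is an added illustration written for this page. It is not Aibexx's code and does not describe the platform's actual record format; the SHA-256 chaining, the field names (agent_id, user, department, workflow_owner, action, detail) and the sample records are all assumptions constructed for the example. It shows why the chain catches an edited record, why it also catches an edit whose hash was recomputed, and why deleting the newest records is only caught when the head hash has been anchored somewhere the log writer cannot change.

```python
import hashlib
import json
from copy import deepcopy

# Constant that the first record chains to; there is no predecessor yet.
GENESIS_HASH = "0" * 64


def canonical_bytes(record: dict) -> bytes:
    """Deterministic serialization so equal records always hash equal."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def record_hash(record: dict) -> str:
    """SHA-256 over every field except the record's own hash."""
    body = {k: v for k, v in record.items() if k != "hash"}
    return hashlib.sha256(canonical_bytes(body)).hexdigest()


class HashChainedAuditLog:
    """Append-only log in which each record commits to the hash of its predecessor."""

    def __init__(self):
        self.records = []

    def append(self, *, agent_id, user, department, workflow_owner, action, detail):
        prev_hash = self.records[-1]["hash"] if self.records else GENESIS_HASH
        record = {
            "seq": len(self.records),
            "agent_id": agent_id,               # AI agent that made the call
            "user": user,                       # human identity it acted for
            "department": department,
            "workflow_owner": workflow_owner,
            "action": action,
            "detail": detail,
            "prev_hash": prev_hash,             # the link that forms the chain
        }
        record["hash"] = record_hash(record)
        self.records.append(record)
        return record["hash"]

    def head_hash(self):
        return self.records[-1]["hash"] if self.records else GENESIS_HASH

    def verify(self):
        """Walk the chain. Returns (True, None) or (False, seq of first bad record)."""
        prev_hash = GENESIS_HASH
        for i, rec in enumerate(self.records):
            if rec["seq"] != i or rec["prev_hash"] != prev_hash:
                return False, i
            if record_hash(rec) != rec["hash"]:
                return False, i
            prev_hash = rec["hash"]
        return True, None

    def verify_against_anchor(self, anchored_head):
        """Chain intact AND head equals a copy stored outside the log (catches truncation)."""
        ok, bad = self.verify()
        if not ok:
            return False, bad
        if self.head_hash() != anchored_head:
            return False, len(self.records)
        return True, None


def build_sample_log():
    """Constructed sample records for the demonstration; not real data."""
    log = HashChainedAuditLog()
    log.append(agent_id="agent-triage-01", user="dr.smith", department="Clinical",
               workflow_owner="ed-intake", action="model_call",
               detail={"model": "example-model", "prompt_tokens": 412})
    log.append(agent_id="agent-billing-02", user="j.doe", department="Finance",
               workflow_owner="claims", action="model_call",
               detail={"model": "example-model", "prompt_tokens": 90})
    log.append(agent_id="agent-triage-01", user="dr.smith", department="Clinical",
               workflow_owner="ed-intake", action="budget_alert",
               detail={"threshold_pct": 80})
    return log


def demo():
    """Run the three tampering scenarios and return each verifier's verdict."""
    log = build_sample_log()
    anchor = log.head_hash()  # the value you would push to WORM storage or a ledger
    results = {"clean": log.verify()}

    # 1. Edit a field in place: that record no longer matches its stored hash.
    t1 = deepcopy(log)
    t1.records[1]["department"] = "Clinical"
    results["edited"] = t1.verify()

    # 2. Edit and recompute the hash: the next record's prev_hash now mismatches.
    t2 = deepcopy(log)
    t2.records[1]["department"] = "Clinical"
    t2.records[1]["hash"] = record_hash(t2.records[1])
    results["edited_rehashed"] = t2.verify()

    # 3. Drop the newest record: the chain alone looks fine; the anchor catches it.
    t3 = deepcopy(log)
    t3.records.pop()
    results["truncated_chain_only"] = t3.verify()
    results["truncated_with_anchor"] = t3.verify_against_anchor(anchor)
    return results


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:>22}: {verdict}")
```

Two points a compliance reviewer should take from this: a plain hash chain without a secret is tamper-evident only against someone who cannot rewrite every record after the edit, since the chain can be recomputed from any point, and the chain cannot see records removed from its tail. Both are closed by periodically exporting the head hash (or a signature over it) to storage the log writer cannot modify and verifying against that copy, which is the check `verify_against_anchor` performs.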
Business Associate Agreement (BAA)
As a vendor operating within healthcare environments, Aibexx is prepared to enter into a Business Associate Agreement (BAA) with your institution as required under HIPAA. To request a BAA or discuss compliance requirements specific to your organization, contact us using the information below.
Your Institution's Responsibilities
HIPAA compliance is a shared responsibility. Aibexx provides the platform controls listed above; your institution is responsible for:
- Executing a BAA with Aibexx before any workflow that may carry PHI is routed through the platform
- Assigning roles and permissions appropriately, and reviewing them when staff change duties
- Determining whether the prompts and model outputs your workflows send through the platform contain PHI, and confirming with Aibexx what request content is retained in audit logs
- Confirming the network path between your applications, Aibexx, and the AI models your workflows call, so that PHI does not leave private networks unexpectedly
- Ensuring staff use the platform in accordance with your internal HIPAA policies
- Reviewing the audit trail as part of your routine compliance monitoring
- Reporting any suspected security incidents to your compliance officer promptly