Enterprise-Grade Security

Enterprise-Grade Security for Healthcare Data

Built from the ground up with HIPAA compliance and enterprise security standards

Security Built for Healthcare

PatientLetterHub is designed with healthcare security as our top priority. Every aspect of our platform is built to protect patient health information (PHI) and maintain the highest standards of compliance.

Core Security Features

Encryption

All files encrypted in transit (TLS 1.2+) and at rest (AES-256)

Access Controls

Role-based permissions ensure only authorized users access PHI

Audit Logging

Every action logged for compliance reporting and security monitoring

Infrastructure

U.S.-based servers with SOC 2 and HIPAA-compliant providers

Committed to HIPAA Compliance

HIPAA Compliance Built-In

PatientLetterHub is built from the ground up with HIPAA compliance in mind. We understand the critical importance of protecting patient health information and have implemented comprehensive safeguards throughout our platform.

Data Encryption

All PHI encrypted in transit and at rest using industry-standard protocols

Access Controls

Role-based permissions ensure data is only available to authorized users

Audit Trails

Detailed logs support compliance audits and security monitoring

Risk Assessments

Regular security assessments and employee training maintain our security posture

Business Associate Agreements

We enter into BAAs with all customers to formalize our compliance commitment

Data Isolation

Jobs and PHI are isolated by tenant to prevent cross-tenant access

Built for Scale, Reliability, and Compliance

Frontend Security

Next.js 14 with responsive design
Secure authentication via Clerk
CSRF protection and input validation

Backend Security

Node.js with hardened security
PostgreSQL with encryption
API rate limiting and monitoring

Infrastructure

U.S.-based cloud infrastructure
SOC 2 Type II compliance
Daily backups and failover support

Data Protection

Tenant isolation and data segregation
End-to-end encryption
Comprehensive audit logging

Business Associate Agreement (BAA)

HIPAA Business Associate

As a healthcare communications provider, PatientLetterHub qualifies as a Business Associate under HIPAA. We provide a standard Business Associate Agreement (BAA) to all covered entities using our platform.

Our BAA outlines:

Permitted uses and disclosures of PHI
Safeguards for protecting PHI
Reporting obligations in the event of a breach
Subcontractor requirements
Termination provisions
Compliance monitoring and reporting

Compliance & Certifications

HIPAA Compliance

Full compliance with the Health Insurance Portability and Accountability Act

SOC 2 Type II

Service Organization Control 2 Type II certification

U.S. Based

All infrastructure and data processing within the United States

Trust Your Patient Data with Us

Join healthcare organizations that trust PatientLetterHub with their sensitive communications