Security, Compliance & Privacy

Enterprise-grade protection for sensitive medical data. We prioritize the safety, integrity, and confidentiality of your IME records above all else.

All Systems Operational

Core Compliance Standards

HIPAA Compliant

We are fully compliant with the Health Insurance Portability and Accountability Act. We execute Business Associate Agreements (BAA) with all covered entities before data ingestion.

  • AES-256 Encryption at rest
  • TLS 1.3 Encryption in transit

SOC 2 Type II Certified

Our platform undergoes rigorous annual third-party audits to ensure our security, availability, and confidentiality controls are operating effectively over time.

  • Audited by AICPA-accredited firm
  • Continuous control monitoring

Data Sovereignty & AI Ethics

Details on how we handle, store, and process your data.

Data Residency

All data is stored exclusively on US-based servers within AWS GovCloud regions, ensuring strict adherence to federal data residency requirements.

No Model Training

Your data is NEVER used to train our foundational AI models. Your proprietary medical analysis remains isolated to your tenant.

Right to Deletion

You maintain full ownership of your data. Request complete deletion at any time, and we will permanently purge all records within 30 days.

Zero-Knowledge Architecture

End-to-end encryption means even our engineers cannot access your PHI without explicit authorization and an audit trail.

Security Practices

Role-Based Access Control

Granular permissions ensure users only access data necessary for their role.

Multi-Factor Authentication

Mandatory MFA for all accounts with support for TOTP and hardware keys.

Comprehensive Audit Logs

Every action is logged with immutable timestamps for full traceability.

24/7 Incident Response Team

Our dedicated security operations center monitors for threats around the clock. In the unlikely event of a security incident, our team follows a documented response protocol with notification to affected parties within 72 hours as required by HIPAA.

Certifications & Compliance

HIPAA

SOC 2 Type II

GDPR Ready

AWS GovCloud