HIPAA / BAA
PHI handled under a Business Associate Agreement.
Scribara handles PHI under a BAA, keeps an immutable audit of every action, and can run entirely inside your boundary. Security is designed in, not bolted on.
HIPAA · SOC 2 roadmap · on-prem · per-tenant isolation
Healthcare buys on trust. Scribara is built to clear procurement, security review, and compliance.
PHI handled under a Business Associate Agreement.
[ASPIRATIONAL] — roadmap to Type II within 12 months.
Run owned models inside your datacenter via NVIDIA AI Enterprise. [ASPIRATIONAL]
Every agent action logged, reversible, tied to the clinician's signature.
US, EU, UK regions; per-tenant keys (BYOK option). [ASPIRATIONAL]
AI management-system conformity on the roadmap. [ASPIRATIONAL]
PHI is redacted at ingress, isolated per tenant, and — in on-prem mode — never leaves your datacenter. Owned models mean no third-party API sees patient data in production.
Agentic autonomy with the controls regulated buyers require.
Low-confidence outputs abstain rather than guess.
Ambiguous cases route to a human with context.
Consequential actions need clinician sign-off.
Every step is logged, reversible, and signed.
Defense in depth across compute, data, and model layers.
In transit and at rest; per-customer keys (BYOK). [ASPIRATIONAL]
SSO/SAML/SCIM via WorkOS; per-action RBAC.
Immutable, append-only, exportable to your SIEM.
Input sanitization, tool allowlists, output validators.
US/EU/UK regions. [ASPIRATIONAL]
Annual pen-test; bug bounty. [ASPIRATIONAL]
Healthcare AI lives or dies on trust, so Scribara favors verifiable claims over adjectives. Accuracy and uptime targets are marked [ASPIRATIONAL] until measured in production, and compliance milestones are dated on the roadmap, not implied.
If you're evaluating Scribara through security review, we provide a documentation pack covering data flows, sub-processors, model governance, and incident response. Contact the team to begin.
No — production runs on owned models served on NVIDIA compute. Frontier APIs are a non-PHI bootstrap/fallback only.
Yes — Scribara handles PHI under a Business Associate Agreement.
Every action is logged in an immutable, reversible trail tied to the clinician's signature.
We'll share data-flow diagrams, sub-processors, and our compliance roadmap.