Security & Compliance

Diagnose is designed for labs handling PHI with strict access controls, encryption, and auditability. Security is foundational, not an add-on.

HIPAA Compliance

Diagnose is designed from the ground up to meet HIPAA requirements. We execute Business Associate Agreements (BAAs) with every customer and maintain administrative, physical, and technical safeguards that meet or exceed HIPAA Security Rule standards.

  • Business Associate Agreement (BAA) provided
  • Role-based access controls
  • Minimum necessary access principle
  • Workforce training and security policies

Data Encryption

All data is encrypted both in transit and at rest. Communication between your instruments and Diagnose uses encrypted HTTPS connections. Database storage uses AES-256 encryption.

  • TLS 1.2+ for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted instrument connections via HTTPS
  • Secure API authentication

Audit Trails

Every action in Diagnose is logged. Order changes, result modifications, user access, configuration updates — all tracked with timestamps, user identification, and before/after values. Audit history is designed to support inspection and compliance workflows.

  • Complete change history on every order
  • User-level action tracking
  • Before/after values on all modifications
  • Exportable audit logs

Cloud Infrastructure

Diagnose runs on Google Cloud Platform — the same infrastructure trusted by major healthcare organizations. Your data stays in the United States with automatic backups and disaster recovery built in.

  • Google Cloud Platform (US-based)
  • Automatic daily backups
  • Disaster recovery with geographic redundancy
  • No on-premises servers to maintain

Access Controls

Diagnose enforces role-based access controls so every user sees only what they need. Lab technicians, client users, and administrators each have appropriate permission levels. All sessions are authenticated and time-limited.

  • Role-Based Access: Users see only what their role requires
  • Lab-Level Isolation: Multi-tenant with strict data separation
  • Session Security: Authenticated, time-limited sessions

Questions About Security?

We can share our BAA, security overview, and architecture summary, and walk through compliance questions with your team.
