Encryption
All data encrypted at rest (AES-256) and in transit (TLS 1.3). Backups encrypted and isolated.
Alphabase holds clinical data for US specialty practices and their patients. The founder is a software and security engineer who has shipped products into regulated industries before. The product was built with that posture from day one – not bolted on after the first audit.
AES-256 · TLS 1.3 · RBAC · BAA on file · audit trail
Alphabase runs on HIPAA-eligible services from a major US cloud provider. Patient and clinic data is hosted in the United States and does not leave the country. For multi-state practices, regional residency planning (US-East and US-West) is available on request.
Every Alphabase customer signs a Business Associate Agreement (BAA) before any patient health information is processed. Under HIPAA, software isn't compliant – organizations are. Alphabase operates as your business associate, with the contractual scope, breach notification commitments, and audit obligations your compliance officer expects.
Role-based access controls down to the field level. No shared logins. No password reuse. Multi-factor authentication on every administrative account.
Every action — every record viewed, every WhatsApp message, every edit — logged with user, timestamp, and context. Full audit trail available to clinic administrators on demand.
Alphabase's clinical data layer is certified under the United States Office of the National Coordinator EHR certification program — the same certification that governs Epic, Cerner, and other major US EHRs. Most lightweight clinic systems are not.
Full HIPAA-aligned data handling: encryption, access control, audit logging, breach response procedures. Software is never "HIPAA-compliant" on its own — covered entities are. We provide the technical controls a HIPAA-covered entity needs.
Built on HL7 and FHIR standards from the foundation. Ready to integrate with the systems your patients and payers already touch – Epic, Athena, eClinicalWorks, NextGen, Modmed, and the major US clearinghouses – as those integrations come online.
US clinical vocabularies configurable from admin. Your providers use the terminology they actually code in – ICD-10-CM and CPT for billing, SNOMED CT and LOINC for clinical data exchange. Alphabase maps it to the standards the rest of US healthcare uses.
We don't claim compliance we haven't earned. Here's what's real today and what's on the roadmap.
| Standard | Status | Geography |
|---|---|---|
| ONC-Certified EHR | Certified | US |
| HIPAA-aligned controls | Implemented | US |
| Business Associate Agreement | Standard on every contract | US |
| HL7 / FHIR interoperability | Implemented | US |
| SNOMED CT / ICD-10-CM / CPT / LOINC | Configurable today | US |
| US data residency | Implemented | US |
| Meta Technology Solutions Partner | Certified partner | Global |
| 10DLC carrier registration | Implemented | US |
| SOC 2 Type II | Audit in progress | US |
| Spanish-language patient UX | Implemented | US |
| Epic / Athena bidirectional sync | In development | US |
| HITRUST CSF | On roadmap | US |
| Regional data residency (US-East / US-West) | Available on request | US |
For security and compliance questions, you can talk to our founder directly. He answers these himself.