Medera operates under a HIPAA-grade, 42 CFR Part 2-aware controls program. Every request runs through a tenant-scoped runtime with Row-Level Security, AES-256-GCM PHI encryption, and Merkle-tree audit integrity.Documentation Index
Fetch the complete documentation index at: https://docs.medera.info/llms.txt
Use this file to discover all available pages before exploring further.
HIPAA
Access control, audit, integrity, and transmission security under 45 CFR §164.
42 CFR Part 2
Substance use disorder data with explicit consent and re-disclosure controls.
BAA / DPA
Business Associate Agreement and Data Processing Addendum.
Sub-processors
Current list of sub-processors.
Security Controls
Encryption, audit, RLS, and access control.
Data Residency
US, EU, and customer-VPC options.
Certifications and posture
| Control | Status |
|---|---|
| HIPAA Security Rule | Operating, externally audited |
| HIPAA Privacy Rule | Operating |
| 42 CFR Part 2 | Operating |
| SOC 2 Type II | In audit |
| HITRUST | Roadmapped |
| ISO 27001 | Roadmapped |