HIPAA
Access control, audit, integrity, transmission security.
42 CFR Part 2
SUD data with explicit consent + re-disclosure.
BAA / DPA
Business Associate Agreement + Data Processing Addendum.
Sub-processors
Current sub-processor list.
Security Controls
Encryption, audit, RLS, access control.
Data Residency
US, EU, customer-VPC options.