Skip to main content
Medera operates under a HIPAA-grade, 42 CFR Part 2-aware controls program. Every request runs through a tenant-scoped runtime with Row-Level Security, encrypted PHI encryption, and Merkle-tree audit integrity.
https://mintcdn.com/medera-357fd587/n1mgcc3nR2sq_PoL/icons/ui/shield-check.svg?fit=max&auto=format&n=n1mgcc3nR2sq_PoL&q=85&s=6909d120dcab3cdfef838294f042d00c

HIPAA

Access control, audit, integrity, transmission security.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/shield-alert.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=9a31ae547e9c652f00965438ad5f90e7

42 CFR Part 2

SUD data with explicit consent + re-disclosure.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/file-text.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=7cc7f358d5e4af95c1bc5110b45a9b68

BAA / DPA

Business Associate Agreement + Data Processing Addendum.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/link.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=44f5f1ae1b0122daa0138e9f47b49449

Sub-processors

Current sub-processor list.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/lock.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=c9887b4194639a1779d01352d3348ef2

Security Controls

Encryption, audit, RLS, access control.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/globe.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=c6381a12d6805e01a35cb84787415b5b

Data Residency

US, EU, customer-VPC options.

Certifications and posture