Medera operates a HIPAA-grade, 42 CFR Part 2-aware platform with explicit controls at every layer of the request path. Every tenant runs in a Row-Level-Security-isolated database, all PHI is encrypted with AES-256-GCM, and every PHI access generates an immutable audit event.Documentation Index
Fetch the complete documentation index at: https://docs.medera.info/llms.txt
Use this file to discover all available pages before exploring further.
HIPAA
HIPAA Security and Privacy Rule controls
42 CFR Part 2
Substance use disorder data controls
BAA
Business Associate Agreement
Data Residency
US, EU, customer-VPC
Sub-processors
Current sub-processor list
Encryption
AES-256-GCM at rest, TLS 1.3 in transit
Audit Logging
Immutable WORM audit with Merkle integrity
Row-Level Security
Tenant isolation at the database layer
Certifications
| Control | Status |
|---|---|
| HIPAA Security Rule | Operating, externally audited |
| HIPAA Privacy Rule | Operating |
| 42 CFR Part 2 | Operating |
| SOC 2 Type II | In audit |
| HITRUST | Roadmapped Q4 2026 |
| ISO 27001 | Roadmapped 2027 |