Skip to main content
Medera operates a HIPAA-grade, 42 CFR Part 2-aware platform with explicit controls at every layer of the request path. Every tenant runs in a Row-Level-Security-isolated database, all PHI is encrypted with AES-256, and every PHI access generates an immutable audit event chained with Merkle integrity checkpoints.
https://mintcdn.com/medera-357fd587/n1mgcc3nR2sq_PoL/icons/ui/shield-check.svg?fit=max&auto=format&n=n1mgcc3nR2sq_PoL&q=85&s=6909d120dcab3cdfef838294f042d00c

HIPAA

Security and Privacy Rule controls under 45 CFR §164.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/shield-alert.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=9a31ae547e9c652f00965438ad5f90e7

42 CFR Part 2

Substance use disorder data with explicit consent + re-disclosure.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/file-text.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=7cc7f358d5e4af95c1bc5110b45a9b68

BAA / DPA

Business Associate Agreement + Data Processing Addendum.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/link.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=44f5f1ae1b0122daa0138e9f47b49449

Sub-processors

Current sub-processor list.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/globe.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=c6381a12d6805e01a35cb84787415b5b

Data Residency

US, EU, and customer-VPC options.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/lock.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=c9887b4194639a1779d01352d3348ef2

Encryption

AES-256 at rest, TLS 1.3 in transit.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/scroll.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=b8ef766290bd197b23cb6510210f423b

Audit Logging

WORM audit + Merkle integrity.
https://mintcdn.com/medera-357fd587/n1mgcc3nR2sq_PoL/icons/ui/table.svg?fit=max&auto=format&n=n1mgcc3nR2sq_PoL&q=85&s=c550c53e73c0531f38ae395054559211

Row-Level Security

Tenant isolation at the database layer.

Certification posture


What’s next

https://mintcdn.com/medera-357fd587/n1mgcc3nR2sq_PoL/icons/ui/shield-check.svg?fit=max&auto=format&n=n1mgcc3nR2sq_PoL&q=85&s=6909d120dcab3cdfef838294f042d00c

HIPAA controls

Section-by-section implementation.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/shield-alert.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=9a31ae547e9c652f00965438ad5f90e7

42 CFR Part 2

SUD data controls.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/lock.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=c9887b4194639a1779d01352d3348ef2

Encryption

Keys, rotation, KMS.
https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/scroll.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=b8ef766290bd197b23cb6510210f423b

Audit Logging

WORM audit details.