> ## Documentation Index
> Fetch the complete documentation index at: https://docs.medera.info/llms.txt
> Use this file to discover all available pages before exploring further.

# Trust Center

> Medera's HIPAA + 42 CFR Part 2 compliance program.

Medera operates a HIPAA-grade, 42 CFR Part 2-aware platform with explicit controls at every layer of the request path. Every tenant runs in a Row-Level-Security-isolated database, all PHI is encrypted with AES-256, and every PHI access generates an immutable audit event chained with Merkle integrity checkpoints.

<CardGroup cols={2}>
  <Card title="HIPAA" icon="https://mintcdn.com/medera-357fd587/n1mgcc3nR2sq_PoL/icons/ui/shield-check.svg?fit=max&auto=format&n=n1mgcc3nR2sq_PoL&q=85&s=6909d120dcab3cdfef838294f042d00c" href="/compliance/hipaa" width="40" height="40" data-path="icons/ui/shield-check.svg">
    Security and Privacy Rule controls under 45 CFR §164.
  </Card>

  <Card title="42 CFR Part 2" icon="https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/shield-alert.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=9a31ae547e9c652f00965438ad5f90e7" href="/compliance/42-cfr-part-2" width="40" height="40" data-path="icons/ui/shield-alert.svg">
    Substance use disorder data with explicit consent + re-disclosure.
  </Card>

  <Card title="BAA / DPA" icon="https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/file-text.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=7cc7f358d5e4af95c1bc5110b45a9b68" href="/compliance/baa" width="40" height="40" data-path="icons/ui/file-text.svg">
    Business Associate Agreement + Data Processing Addendum.
  </Card>

  <Card title="Sub-processors" icon="https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/link.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=44f5f1ae1b0122daa0138e9f47b49449" href="/compliance/sub-processors" width="40" height="40" data-path="icons/ui/link.svg">
    Current sub-processor list.
  </Card>

  <Card title="Data Residency" icon="https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/globe.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=c6381a12d6805e01a35cb84787415b5b" href="/compliance/data-residency" width="40" height="40" data-path="icons/ui/globe.svg">
    US, EU, and customer-VPC options.
  </Card>

  <Card title="Encryption" icon="https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/lock.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=c9887b4194639a1779d01352d3348ef2" href="/compliance/encryption" width="40" height="40" data-path="icons/ui/lock.svg">
    AES-256 at rest, TLS 1.3 in transit.
  </Card>

  <Card title="Audit Logging" icon="https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/scroll.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=b8ef766290bd197b23cb6510210f423b" href="/compliance/audit-logging" width="40" height="40" data-path="icons/ui/scroll.svg">
    WORM audit + Merkle integrity.
  </Card>

  <Card title="Row-Level Security" icon="https://mintcdn.com/medera-357fd587/n1mgcc3nR2sq_PoL/icons/ui/table.svg?fit=max&auto=format&n=n1mgcc3nR2sq_PoL&q=85&s=c550c53e73c0531f38ae395054559211" href="/compliance/row-level-security" width="40" height="40" data-path="icons/ui/table.svg">
    Tenant isolation at the database layer.
  </Card>
</CardGroup>

## Certification posture

| Control             | Status                        |                                                                                     |
| :------------------ | :---------------------------- | ----------------------------------------------------------------------------------- |
| HIPAA Security Rule | Operating, externally audited |                                                                                     |
| HIPAA Privacy Rule  | Operating                     |                                                                                     |
| 42 CFR Part 2       | Operating                     |                                                                                     |
| SOC 2 Type II       | In audit                      |                                                                                     |
| HITRUST             | Roadmapped Q4 2026            |                                                                                     |
| ISO 27001           | Roadmapped 2027               | Request the current trust bundle at [trust.medera.info](https://trust.medera.info). |

***

## What's next

<CardGroup cols={2}>
  <Card title="HIPAA controls" icon="https://mintcdn.com/medera-357fd587/n1mgcc3nR2sq_PoL/icons/ui/shield-check.svg?fit=max&auto=format&n=n1mgcc3nR2sq_PoL&q=85&s=6909d120dcab3cdfef838294f042d00c" href="/compliance/hipaa" width="40" height="40" data-path="icons/ui/shield-check.svg">
    Section-by-section implementation.
  </Card>

  <Card title="42 CFR Part 2" icon="https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/shield-alert.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=9a31ae547e9c652f00965438ad5f90e7" href="/compliance/42-cfr-part-2" width="40" height="40" data-path="icons/ui/shield-alert.svg">
    SUD data controls.
  </Card>

  <Card title="Encryption" icon="https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/lock.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=c9887b4194639a1779d01352d3348ef2" href="/compliance/encryption" width="40" height="40" data-path="icons/ui/lock.svg">
    Keys, rotation, KMS.
  </Card>

  <Card title="Audit Logging" icon="https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/scroll.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=b8ef766290bd197b23cb6510210f423b" href="/compliance/audit-logging" width="40" height="40" data-path="icons/ui/scroll.svg">
    WORM audit details.
  </Card>
</CardGroup>
