Security & Compliance
Built for regulated environments
Engram Clinical is designed from the ground up to meet the security and compliance requirements of healthcare organizations handling sensitive patient and clinical trial data.
Infrastructure
Hosted on Microsoft Azure using HIPAA-eligible services under a Business Associate Agreement.
- Microsoft Azure: Enterprise cloud infrastructure with global compliance certifications
- HIPAA-Eligible Services: All services operate under Business Associate Agreement (BAA)
- SOC-Aligned Architecture: Controls mapped to SOC 2 Type II requirements
- Encryption at Rest: AES-256 encryption for all stored data and backups
- Encryption in Transit: TLS 1.3 for all data transmission
- Private Tenancy: Optional dedicated infrastructure for enterprise customers
Access Controls
Comprehensive access management ensures only authorized users can access sensitive clinical data, with complete audit trails for all actions.
- Role-based access control (RBAC)
- Multi-factor authentication (MFA)
- Single sign-on (SSO) integration
- Complete audit logging
- Session management and timeout policies
- IP allowlisting
- Data retention controls
- Secure API authentication
Compliance & SLAs
- HIPAA: Eligible services under BAA
- SOC: Aligned architecture
- 2 Day: SLA response time
- Same Day: Core analyses with QA
Engram Clinical operates as a Business Associate under HIPAA and maintains technical and administrative safeguards appropriate for protected health information. Security is a shared responsibility between Engram and our customers.
Questions about security?
Our team can provide detailed security documentation and answer questions about our compliance posture.
