Privacy & Security
At Waivs, protecting patient data is our highest priority. We employ industry-leading security measures to ensure your data remains safe, private, and compliant with healthcare regulations.
End-to-End Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption, ensuring your patient data remains secure at every step.
HIPAA & PHIPA Compliant
Waivs is designed to be compliant with HIPAA and PHIPA regulations. We sign Business Associate Agreements (BAAs) and Data Processing Agreements (DPAs) with all healthcare partners and maintain strict PHI handling procedures.
Access Controls
Role-based access controls, multi-factor authentication, and comprehensive audit logging ensure only authorized personnel can access sensitive information.
Regular Security Audits
We conduct regular penetration testing, vulnerability assessments, and security audits to identify and address potential risks proactively.
Data Residency
All patient data is stored in HIPAA- and PHIPA-compliant data centers, with redundant backups and disaster recovery procedures.
HIPAA & PHIPA Compliance
Waivs maintains full compliance with HIPAA and PHIPA regulations, ensuring the protection of sensitive patient health information across the US and Canada.
Our HIPAA & PHIPA Commitments
- Business Associate Agreements (BAAs) with all partners
- Administrative, physical, and technical safeguards
- Regular workforce training on HIPAA & PHIPA requirements
- Incident response and breach notification procedures
- Minimum necessary access to PHI
- Complete audit trails for all data access
Validated By
Arancia
Independently verified compliance with HIPAA and PHIPA requirements
Your Data, Your Control
Data Collection
We only collect data that is necessary to provide our services. This includes patient health information provided during clinical encounters and voice interactions, which is processed securely to generate documentation and care plans.
Data Usage
Patient data is used solely for the purpose of providing clinical documentation, patient engagement, and care coordination services. We never sell patient data or use it for advertising purposes.
Data Retention
Data is retained in accordance with healthcare record retention requirements and your organization's policies. Upon request, data can be exported or deleted in compliance with applicable regulations.
Third-Party Sharing
We do not share patient data with third parties except as necessary to provide our services (e.g., cloud infrastructure providers who are also HIPAA- and PHIPA-compliant) or as required by law.
Questions About Security?
Our security team is here to help. Contact us for security documentation, BAA requests, or any questions about our privacy practices.