Privacy & Security
At Waivs, protecting patient data is our highest priority. We employ industry-leading security measures to ensure your data remains safe, private, and compliant with healthcare regulations.
End-to-End Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption, ensuring your patient data remains secure at every step.
HIPAA & PIPEDA Compliant
Waivs is fully compliant with HIPAA and PIPEDA regulations. We sign Business Associate Agreements (BAAs) with all healthcare partners and maintain strict PHI handling procedures.
Access Controls
Role-based access controls, multi-factor authentication, and comprehensive audit logging ensure only authorized personnel can access sensitive information.
Regular Security Audits
We conduct regular penetration testing, vulnerability assessments, and security audits to identify and address potential risks proactively.
Data Residency
All patient data is stored in HIPAA- and PIPEDA-compliant data centers, with redundant backups and disaster recovery procedures.
HIPAA & PIPEDA Compliance
Waivs maintains full compliance with HIPAA and PIPEDA regulations, ensuring the protection of sensitive patient health information across the US and Canada.
Our HIPAA & PIPEDA Commitments
- Business Associate Agreements (BAAs) with all partners
- Administrative, physical, and technical safeguards
- Regular workforce training on HIPAA & PIPEDA requirements
- Incident response and breach notification procedures
- Minimum necessary access to PHI
- Complete audit trails for all data access
Validated By
Arancia
Independently verified compliance with HIPAA and PIPEDA requirements
Your Data, Your Control
Data Collection
We only collect data that is necessary to provide our services. This includes patient health information provided during clinical encounters and voice interactions, which is processed securely to generate documentation and care plans.
Data Usage
Patient data is used solely for the purpose of providing clinical documentation, patient engagement, and care coordination services. We never sell patient data or use it for advertising purposes.
Data Retention
Data is retained in accordance with healthcare record retention requirements and your organization's policies. Upon request, data can be exported or deleted in compliance with applicable regulations.
Third-Party Sharing
We do not share patient data with third parties except as necessary to provide our services (e.g., cloud infrastructure providers who are also HIPAA and PIPEDA compliant) or as required by law.
Questions About Security?
Our security team is here to help. Contact us for security documentation, BAA requests, or any questions about our privacy practices.