Security & Compliance

HIPAA Compliance at Lumen

Lumen is built from the ground up to protect healthcare data. Every layer of our infrastructure -- from network isolation to AI processing -- is designed to meet or exceed HIPAA requirements for covered entities and business associates.

HIPAA Compliant
AWS BAA Signed
AES-256 Encryption
7-Year Data Retention

Infrastructure & Encryption

All data is encrypted at rest and in transit across our entire AWS infrastructure, covered under a signed Business Associate Agreement.

Encryption at Rest

All database storage uses RDS Transparent Data Encryption with AES-256. SSM parameters and sensitive configuration are encrypted with AWS KMS managed keys.

AES-256 / KMS

Encryption in Transit

TLS 1.2 or higher is enforced on every connection -- API calls, database connections, inter-service communication, and client-to-server traffic. No exceptions.

TLS 1.2+ Everywhere

AWS BAA Coverage

Our signed AWS Business Associate Agreement covers all HIPAA-eligible services we use: RDS, ECS, Amazon Bedrock, S3, and CloudWatch.

RDS / ECS / Bedrock / S3 / CloudWatch

Network Isolation

All application and database services run in private VPC subnets with no direct internet access. Outbound traffic routes through NAT gateways for egress-only connectivity.

Private VPC / NAT Egress Only

EMR Credentials

All EMR integration credentials are AES-encrypted in the database and never stored in plaintext. Decryption occurs only at runtime in memory during authorized sync operations.

AES-Encrypted at Rest

Data Retention

Practice data is retained for a minimum of 7 years, meeting HIPAA's minimum retention requirement. Automated backup and recovery procedures ensure data durability.

7-Year Minimum

PHI Sanitization for AI Processing

Every time Lumen sends data to an AI model, our sanitize_for_llm() function strips all protected health information before the request leaves our servers.

1. Practice Data: raw data from EMR, payroll, and accounting systems.
2. PHI Stripped: sanitize_for_llm() removes 18+ PII/PHI field types automatically.
3. AI Analysis: only de-identified aggregate data reaches the AI model.

Field types automatically stripped before every AI call:

Patient Names, Date of Birth, SSN, Phone Numbers, Email Addresses, Street Addresses, Medical Record Numbers, Health Plan IDs, Account Numbers, License/Certificate Numbers, Device Identifiers, Web URLs, IP Addresses, Biometric IDs, Facial Photos, Vehicle Identifiers, Fax Numbers, Geographic Data
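As an added illustration of the stripping step described above (example code written for this page, not Lumen's actual sanitize_for_llm() implementation): it drops any field whose name matches one of the 18 identifier categories, recurses into nested records, and regex-scrubs identifiers that survive inside free-text fields, which field-name matching alone would miss. The field-name tokens, the regex patterns and the sample record are assumptions constructed for the example.

```python
import re
# Key tokens marking one of the 18 identifier categories listed above (assumed
# naming convention for this demo; Lumen's real schema is not on the page).
PHI_TOKENS = {
    "name", "dob", "birth", "ssn", "phone", "fax", "email", "address", "street", "city",
    "zip", "mrn", "plan", "member", "account", "license", "certificate", "device", "url",
    "ip", "biometric", "photo", "vehicle", "vin", "latitude", "longitude",
}
# Identifier shapes that leak into free text even after PHI-named fields are dropped.
FREE_TEXT_PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"(?<!\d)(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "DATE": re.compile(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b"),
    "IP": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "URL": re.compile(r"https?://\S+"),
}

def _key_tokens(key: str) -> set:
    # Exact-token matching on snake_case/camelCase avoids "description" matching "ip".
    spaced = re.sub(r"([a-z0-9])([A-Z])", r"\1 \2", key)
    return {t for t in re.split(r"[^A-Za-z0-9]+", spaced.lower()) if t}

def scrub_text(text: str) -> str:
    # Replace identifier-shaped substrings with a category placeholder.
    for label, pattern in FREE_TEXT_PATTERNS.items():
        text = pattern.sub(f"[{label}]", text)
    return text

def sanitize_for_llm(record: dict, prefix: str = "") -> tuple:
    """Return (sanitized copy, removed field paths); the paths feed the audit log, not the prompt."""
    clean, removed = {}, []
    for key, value in record.items():
        path = prefix + key
        if _key_tokens(key) & PHI_TOKENS:
            removed.append(path)  # conservative: drop rather than pass through
        elif isinstance(value, dict):
            clean[key], sub_removed = sanitize_for_llm(value, path + ".")
            removed += sub_removed
        else:
            clean[key] = scrub_text(value) if isinstance(value, str) else value
    return clean, removed

# Constructed sample record (not real data): aggregate metrics mixed with PHI.
SAMPLE_RECORD = {
    "practice_id": 4412, "visit_count": 3, "patientName": "Jane Doe", "ssn": "123-45-6789",
    "date_of_birth": "1980-04-12", "billing": {"account_number": "9981", "charge_total": 420.0},
    "notes": "Call 555-123-4567 or jane@example.com; seen 04/12/2024.",
}
```

Running sanitize_for_llm(SAMPLE_RECORD) keeps only practice_id, visit_count, billing.charge_total and the scrubbed notes, and returns the four dropped field paths for the audit trail.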

Access Control & Audit Logging

Role-based access control with multi-tenant isolation ensures that users only see data they are authorized to access.

Role-Based Access Control (RBAC)

Four defined roles with granular permissions: Admin, Manager, Provider, and Analyst. Each role limits data visibility to only what is necessary for the user's function.

Admin / Manager / Provider / Analyst

JWT Authentication

All API requests are authenticated with signed JSON Web Tokens. Tokens are short-lived and validated on every request to prevent unauthorized access.

Signed JWT / Per-Request Validation

Multi-Tenant Isolation

Each practice's data is logically isolated at the database level. No practice can access, query, or view data belonging to another practice under any circumstance.

Tenant-Level Row Security

Comprehensive Audit Logging

Every data access, modification, and system event is logged with timestamp, user identity, and action performed. Audit logs are retained in compliance with HIPAA requirements.

Full Access Trail

Technical Specifications

Control | Implementation | Status
Business Associate Agreement | Signed AWS BAA covering RDS, ECS, Bedrock, S3, CloudWatch | Active
Encryption at Rest | RDS TDE (AES-256), AWS KMS for SSM parameters | Active
Encryption in Transit | TLS 1.2+ enforced on all connections | Active
PHI Sanitization | sanitize_for_llm() strips 18+ PII field types before every AI call | Active
Authentication | JWT tokens, validated per request | Active
Authorization | RBAC with 4 roles: Admin, Manager, Provider, Analyst | Active
Tenant Isolation | Row-level security, practice-scoped queries | Active
Audit Logging | Every data access event logged with user, timestamp, action | Active
Network Security | Private VPC subnets, NAT gateway for egress only | Active
EMR Credentials | AES-encrypted in database, decrypted only at runtime in memory | Active
Data Retention | 7-year minimum (HIPAA requirement) | Active

Questions about our compliance posture?

We are happy to provide additional documentation, complete security questionnaires, or discuss our HIPAA controls in detail. Contact our compliance team.


Or email us directly at compliance@lumen-intel.com