Enterprise-Grade Security
Security and compliance built for healthcare.
Neurex takes security seriously. Our platform is designed from the ground up to meet the rigorous requirements of healthcare data protection, regulatory compliance, and responsible AI deployment.
HIPAA
SOC 2 Type II
HITRUST
BAA Ready
HIPAA Verified
SOC 2
Audit Trail
BAA Ready
HIPAA-Ready Architecture
Neurex is built to meet HIPAA requirements for protecting electronic protected health information (ePHI). We execute Business Associate Agreements with all customers.
Administrative Safeguards
- Security management processes
- Workforce training and management
- Information access controls
- Security incident procedures
- Contingency planning
- Business Associate Agreements
Physical Safeguards
- Secure data centers (SOC 2 certified)
- Facility access controls
- Workstation security policies
- Device and media controls
- Geographic redundancy
- Disaster recovery procedures
Technical Safeguards
- Access controls and authentication
- Encryption at rest and in transit
- Audit controls and logging
- Integrity controls
- Transmission security
- Automatic log-off
Breach Notification
- Incident detection systems
- Breach notification procedures
- Risk assessment processes
- Mitigation protocols
- Documentation requirements
- Regulatory reporting
Trust Service Criteria
SOC 2-Aligned Controls
Our security program is designed to meet SOC 2 Type II criteria across all five Trust Service Principles.
Security
Availability
Integrity
Confidentiality
Privacy
Security
Protection against unauthorized access through logical and physical controls, network security, and vulnerability management.
Availability
System availability and performance monitoring with 99.9% uptime SLA, redundant infrastructure, and disaster recovery capabilities.
Processing Integrity
Data processing that is complete, valid, accurate, timely, and authorized with comprehensive error handling and validation.
Confidentiality
Protection of confidential information through encryption, data classification, access controls, and secure disposal procedures.
Privacy
Personal information collection, use, retention, disclosure, and disposal practices that meet privacy commitments and requirements.
Security Architecture
Multi-layered security controls protect your data at every level of the stack.
Application Layer
RBACMFASSO
Data Layer
AES-256TLS 1.3Key Rotation
Network Layer
FirewallDDoS ProtectionSegmentation
Infrastructure Layer
Cloud-NativeRedundancyMonitoring
Data Encryption
- AES-256 encryption at rest
- TLS 1.3 for data in transit
- Key management via AWS KMS
- Regular key rotation
Access Controls
- Role-based access control (RBAC)
- Multi-factor authentication
- SSO integration (SAML, OAuth)
- Principle of least privilege
Monitoring & Logging
- Real-time security monitoring
- Comprehensive audit logs
- Anomaly detection
- SIEM integration
Infrastructure Security
- Cloud-native architecture
- Network segmentation
- DDoS protection
- Regular penetration testing
Vulnerability Management
- Continuous vulnerability scanning
- Regular security patching
- Third-party security audits
- Bug bounty program
Compliance Management
- Regular compliance assessments
- Policy and procedure documentation
- Staff security training
- Vendor risk management
AI Governance
Responsible AI Practices
Healthcare AI requires special attention to fairness, transparency, and accountability. Our responsible AI framework ensures ethical deployment.
Fairness
Transparency
Oversight
Accountability
Bias Monitoring
Continuous monitoring for algorithmic bias across demographic groups with regular fairness audits and mitigation strategies.
Explainability
Every AI recommendation includes reasoning and supporting evidence, enabling users to understand and verify decisions.
Human Oversight
Configurable human-in-the-loop workflows ensure appropriate oversight for high-stakes decisions and edge cases.
Audit Trails
Complete logging of AI inputs, outputs, and reasoning enables accountability, debugging, and continuous improvement.
Data Governance
Strict controls on training data sources, quality, and usage with privacy-preserving techniques and data minimization.
Continuous Validation
Ongoing model performance monitoring, validation against real-world outcomes, and retraining to maintain accuracy.
Questions about our security?
Our security team is happy to discuss our practices, provide documentation, and answer your questions.
Security and compliance questions