Security & HIPAA
How PaiKnight protects patient and provider data.
HIPAA-aligned platform
PaiKnight operates as a HIPAA Business Associate of its provider clients. We access Protected Health Information (PHI) only to perform administrative reimbursement-coordination services, under a signed Business Associate Agreement, with administrative, physical, and technical safeguards consistent with 45 C.F.R. Parts 160 and 164.
Encryption
- At rest: patient PHI is field-encrypted with AES-256-GCM; documents are stored in private, access-controlled storage.
- In transit: all traffic is encrypted with TLS.
- Transmission to our offshore coordination team is encrypted and covered by a BAA.
Access controls
- Least-privilege, role-based access — case handlers see only the cases assigned to them.
- Multi-factor authentication and PIN unlock for internal staff; forced logout on session-version change.
- Every PHI access is written to an immutable audit log that records the jurisdiction and country of the access.
- PHI access requires a signed BAA and current HIPAA training.
Infrastructure & vendors
- Hosted on U.S.-based, BAA-covered cloud infrastructure.
- Business Associate Agreements are maintained with subprocessors that may handle PHI.
- Payment data is processed by Stripe; patient funds are never held or routed by PaiKnight — insurers pay the provider directly.
Request a BAA
Covered entities can request a Business Associate Agreement at compliance@paiknight.com. See our Business Associate Agreement and Privacy Policy for details.