Your Data Security Is Our Foundation

HIPAA Compliant

BAA Available

Data Encrypted

SOC 2 Planned

Security & Compliance

Enterprise-Grade Data Security

HIPAA Compliance

Seneca Shield is fully HIPAA compliant. All processes, infrastructure, and personnel adhere to the Privacy Rule, Security Rule, and Breach Notification Rule. We conduct regular risk assessments and maintain comprehensive HIPAA policies and procedures.

Business Associate Agreement (BAA)

We execute a BAA with every customer before accessing any PHI. It's the first step in our onboarding process, completed on Day 1.

Encryption

All data is encrypted at rest using AES-256 encryption across every storage layer — databases, object storage, ephemeral storage, and caching. Data in transit is protected with TLS 1.2 or higher on every connection, and we validate and require certificates for all encrypted communications between services.

Access Controls & Audit Logging

Access to patient data is restricted through role-based access controls (RBAC). Every data access event is logged in an immutable audit trail, including who accessed what data and when.

Infrastructure

Seneca Shield is hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP) using HIPAA-eligible services. Our infrastructure is isolated, monitored, and regularly assessed to maintain the highest security standards.

Data Retention & Deletion

PHI is retained only as long as needed to deliver your compliance reports. You can request deletion of your data at any time, and we will confirm deletion in writing within 30 days.

How Our AI Handles PHI

We understand that compliance officers are rightfully skeptical about AI handling patient data. Here are direct answers to the questions we hear most.

Is this generative AI?
No. Seneca Shield uses structured, rule-based compliance analysis designed specifically for hospice and home health regulatory standards. We do not use generative AI for compliance findings.
Is my data used to train models?
Never. Your patient data is never used to train AI models. Your data is yours.
Is PHI stored?
PHI is processed in a secure, encrypted environment and retained only as long as needed to deliver your compliance reports. You can request deletion at any time.
What if the AI makes a mistake?
Every AI finding is built on clinical logic developed with our advisory team, including former hospice CMOs and compliance officers with 20+ years of experience. All findings are reviewable by your team before any action is taken.
Who can see my data?
Access is restricted through role-based permissions with full audit logging. Only authorized personnel involved in your compliance review can access your data.

Security Inquiries

Questions about our security practices? Contact us at hello@senecashield.com

Book a Demo and Ask Us Anything

We're happy to answer any security or compliance questions during your demo. Your data protection is our priority.