Security & Compliance

HIPAA Compliance

Protecting patient data is not just a requirement — it's a core value. Wingman Health is built from the ground up with HIPAA compliance at every layer.

Our Security Framework

Technical Safeguards

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Multi-factor authentication
  • Automated session timeout
  • Intrusion detection systems
  • Regular penetration testing

Administrative Safeguards

  • Designated Privacy Officer
  • Workforce training programs
  • Background checks for all staff
  • Incident response procedures
  • Risk assessment protocols
  • Sanction policies for violations

Physical Safeguards

  • SOC 2 Type II certified data centers
  • Facility access controls
  • Workstation security policies
  • Device and media controls
  • Environmental safeguards
  • Disaster recovery planning

Our Commitments

Business Associate Agreements

We execute BAAs with all covered entities before accessing or processing any Protected Health Information. Our BAA template is available upon request.

Minimum Necessary Standard

We only access, use, and disclose the minimum amount of PHI necessary to accomplish the intended purpose. Our browser extension processes data locally whenever possible.

Audit Trail & Logging

Every access to PHI is logged with timestamps, user identity, and action taken. Audit logs are retained for a minimum of 6 years as required by HIPAA.

Breach Notification

In the unlikely event of a data breach, we will notify affected covered entities within 24 hours and follow all HIPAA Breach Notification Rule requirements.

Questions About Our Security?

Contact our Privacy Officer for questions about HIPAA compliance, to request a BAA, or to report a security concern.

Email: [email protected] | Phone: (210) 744-8543