Rōvn · Investor Room

HIPAA Posture Memo

Diligence notice: working state of Rōvn as of 2026-06-24. Pre-launch by design. See 09 for receipts.

TL;DR: Rōvn is HIPAA-aligned (the canonical procurement-safe phrasing; not "compliant", not "certified") and BAA available (06.4 Vendor BAA Matrix; customer BAA template at 08.9). There is no HIPAA "certification" that any authority issues; what is required is BAA execution plus implemented §164 administrative, physical, and technical safeguards. AI chain (07.3 AI Architecture): AWS Bedrock under BAA → Anthropic Claude (Haiku 4.5, chosen for cost, latency, and the BAA chain) under BAA → Rōvn backend on ECS. Sub-processors (Persona, Checkr, WorkOS, Drata, and a platform engineering partner named under NDA) are all signed under BAA flow-down. PHI minimization architecture: only credential metadata flows through the AI gateway; clinical PHI does not. Hash-chained audit log with S3 Object Lock and 7-year retention. Incident response, encryption (AES-256 at rest, TLS 1.3 in transit), and the 60-day breach notification posture are all wired. AI operates the workflow. Source systems prove the facts. Humans make every regulated decision.


1. The Posture Claim

Rōvn is HIPAA-aligned (canonical procurement-safe phrasing; not "compliant", not "certified") and BAA available (06.4 Vendor BAA Matrix; customer BAA template at 08.9). We do not use HIPAA certification language; those phrases imply a certification that no authority issues. We represent a HIPAA-aligned posture: BAA execution + §164 control implementation + design-partner pilot posture.

This framing is non-negotiable for two reasons:

  1. HHS OCR position. HIPAA compliance is not a third-party certifiable state. It is an ongoing program of administrative, physical, and technical safeguards. Vendors who use "HIPAA compliant" or "HIPAA certified" as a marketing line get flagged in hospital procurement reviews and by OCR enforcement.
  2. Procurement reality. What facility GCs actually want to see is BAA execution + control implementation documentation + breach notification posture. Those are the things they need for their own §164 program.

What we claim and can prove:

  • BAA executed with AWS, Anthropic, Persona, Checkr, WorkOS, Drata, and platform engineering partner (named under NDA).
  • §164 administrative, physical, and technical safeguards implemented in the engineering chassis.
  • Pre-launch by design. Zero paying-customer PHI processed at scale. Zero breach history because there is no production PHI flow yet.


2. §164 Controls Map

The Security Rule (45 CFR §164.302–§164.318) defines required and addressable safeguards. Rōvn maps its controls to all three safeguard categories: administrative, physical, and technical.

Administrative Safeguards (§164.308)

Control | Status | Evidence
Security management process (§164.308(a)(1)) | Implemented | Risk assessment Q2 2026; remediation backlog tracked
Assigned security responsibility (§164.308(a)(2)) | Implemented | Founder-designated Security Officer; platform partner secondary
Workforce security (§164.308(a)(3)) | Implemented | Background check + signed workforce confidentiality
Information access management (§164.308(a)(4)) | Implemented | RBAC across all data planes; access logs to hash-chained audit
Security awareness training (§164.308(a)(5)) | In progress | Drata-managed annual training rollout
Security incident procedures (§164.308(a)(6)) | Implemented | IR runbook + 60-day breach notification posture
Contingency plan (§164.308(a)(7)) | Implemented | Multi-AZ backups, S3 cross-region replication, RPO/RTO targets
Evaluation (§164.308(a)(8)) | In progress | SOC 2 Type II audit window (Drata-managed) will produce the evaluation report; report target Q3 2027
BAA contracts (§164.308(b)(1)) | Implemented | BAA registry: AWS, Anthropic, Persona, Checkr, WorkOS, Drata, and platform engineering partner (named under NDA)

Physical Safeguards (§164.310)

Rōvn does not operate physical data centers. All physical safeguards flow through AWS BAA.

Control | Status | Evidence
Facility access controls (§164.310(a)) | Inherited via AWS BAA | AWS SOC 2 + ISO 27001 + HITRUST CSF
Workstation use + security (§164.310(b), (c)) | Implemented | MDM + endpoint encryption + screen-lock policy
Device and media controls (§164.310(d)) | Inherited via AWS BAA | AWS media destruction + S3 immutable retention

Technical Safeguards (§164.312)

Control | Status | Evidence
Access control (§164.312(a)) | Implemented | Cognito + WorkOS SSO + RBAC at API and DB layer; least-privilege IAM
Audit controls (§164.312(b)) | Implemented | Hash-chained audit log + CloudWatch + Sentry observability
Integrity (§164.312(c)) | Implemented | Hash chain prevents tampering; S3 Object Lock prevents deletion
Transmission security (§164.312(e)) | Implemented | TLS 1.3 in transit; AWS PrivateLink for inter-service traffic

3. BAA Registry

Every vendor that touches PHI or PHI-adjacent data has an executed BAA. Full registry in 04_compliance/BAA_REGISTRY.md.

Vendor | Role | BAA status
AWS | Infrastructure, S3, Cognito, KMS | Executed
AWS Bedrock | Claude executor under AWS BAA boundary | Executed (BAA chain: AWS Bedrock → Anthropic Claude (Haiku 4.5) → Rōvn backend on ECS)
Anthropic | Claude model provider via Bedrock | Executed BAA (model traffic stays inside AWS BAA boundary)
Persona | Identity verification (IAL2) | Executed
Checkr | Background check | Executed
WorkOS | Enterprise SSO | Executed
Drata | SOC 2 evidence collection | Executed
Platform engineering partner (named under NDA) | Implementation and operational chassis | Executed

Sub-processor flow-down language is included in every BAA so that any downstream sub-processor (e.g. an AWS sub-vendor) is bound by the same restrictions that bind Rōvn.


4. PHI Minimization

Rōvn deliberately minimizes PHI exposure across the architecture.

  • What is PHI in Rōvn's context. Credential metadata (name, NPI, DEA #, license #, license state, license expiration, board cert metadata, immunization status, sanctions / exclusions, employment history at clinical facilities). This is PHI when tied to an identifiable healthcare worker.
  • What is NOT in Rōvn. Clinical PHI, patient records, diagnoses, treatments, test results, claims data. Rōvn does not store or transit clinical PHI.
  • What flows through the AI gateway. Only credential metadata. Document extraction inputs (uploaded license printouts, transcripts, BLS cards) carry credential metadata but not clinical PHI. The AWS Bedrock BAA + Anthropic BAA chain covers this flow.
  • What does NOT flow through AI gateway. Patient-care PHI. Rōvn does not have a patient-care surface.

PHI minimization is a deliberate architectural choice. It bounds the regulatory surface area and simplifies BAA scope for every downstream vendor.


5. Encryption Posture

At rest

  • AES-256 via AWS KMS for all PHI-containing tables, S3 buckets, EFS, and backup snapshots.
  • Customer-managed KMS keys (CMK) for any future per-customer isolation tier.
  • S3 Object Lock + 7-year retention for the audit log artifact archive and source-receipt evidence store.

In transit

  • TLS 1.3 at the public edge (CloudFront + ALB).
  • AWS PrivateLink + VPC endpoints for inter-service traffic.
  • mTLS on internal service mesh where applicable.

Key management

  • AWS KMS rotation enabled (annual).
  • No long-lived static secrets in code. AWS Secrets Manager holds all credentials, including both the outbound and the inbound MCP token (project_rovn_mcp_server_live.md).

6. Audit Chain

The hash-chained audit log is the spine of every compliance claim Rōvn makes.

  • Append-only. Every event (credential verification, source query, AI executor call, AI advisor call, consent grant, consent revoke, hire workflow event, privilege approval, monitoring delta) writes a record.
  • Hash chain. Each record carries prev_hash + payload_hash → current_hash. Tampering with any record breaks the chain from that point forward.
  • S3 Object Lock. Audit artifacts written to S3 with Object Lock in compliance mode + 7-year retention. Cannot be deleted or overwritten by any IAM principal, including root.
  • Endpoint replay. /audit/chain-head returns current chain head; full chain replay available for audit window.
  • Migration: 2026_04_14_audit_log_harden.sql documents the hardening pattern.
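The prev_hash + payload_hash → current_hash rule above, as an added illustration that is not Rōvn's code: an in-memory append-only chain with canonical-JSON SHA-256 payload hashes, a chain-head accessor of the kind /audit/chain-head would expose, and a replay verifier that reports the first record where the chain breaks. The genesis hash, record fields, and sample events are assumptions.

```python
import hashlib
import json

GENESIS_HASH = "0" * 64  # constructed genesis prev_hash for the first record

def payload_hash(payload: dict) -> str:
    # Canonical JSON so an identical event always hashes identically.
    canon = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()

def chain_hash(prev_hash: str, payload_hash_hex: str) -> str:
    # current_hash = H(prev_hash || payload_hash) links each record to its predecessor.
    return hashlib.sha256(f"{prev_hash}:{payload_hash_hex}".encode()).hexdigest()

class AuditChain:
    """Append-only audit log: records are only ever added, never edited (illustrative)."""
    def __init__(self):
        self.records = []

    def append(self, event: dict) -> dict:
        prev = self.chain_head()
        ph = payload_hash(event)
        rec = {"payload": dict(event), "prev_hash": prev, "payload_hash": ph,
               "current_hash": chain_hash(prev, ph)}
        self.records.append(rec)
        return rec

    def chain_head(self) -> str:
        # What a /audit/chain-head style endpoint would publish for external anchoring.
        return self.records[-1]["current_hash"] if self.records else GENESIS_HASH

def verify_chain(records: list) -> int:
    """Replay the chain; return -1 if intact, else the index of the first broken record."""
    prev = GENESIS_HASH
    for i, rec in enumerate(records):
        if (rec["prev_hash"] != prev
                or payload_hash(rec["payload"]) != rec["payload_hash"]
                or chain_hash(prev, rec["payload_hash"]) != rec["current_hash"]):
            return i
        prev = rec["current_hash"]
    return -1

# Constructed sample events: credential metadata only, no clinical PHI.
SAMPLE_EVENTS = [
    {"type": "credential_verification", "npi": "0000000000", "result": "match"},
    {"type": "ai_executor_call", "model": "Claude Haiku 4.5", "phi_class": "credential_metadata"},
    {"type": "privilege_approval", "actor": "human:medstaff_coordinator", "decision": "approved"},
]

def demo_tamper_detection() -> tuple:
    chain = AuditChain()
    for ev in SAMPLE_EVENTS:
        chain.append(ev)
    intact = verify_chain(chain.records)  # -1: chain is consistent
    chain.records[1]["payload"]["phi_class"] = "clinical"  # simulated in-place edit of a stored record
    return intact, verify_chain(chain.records)  # (-1, 1): record 1 no longer matches its hashes
```

Recomputing the edited record's own hashes does not help an attacker: the next record's prev_hash still points at the old value, so replay flags the break one record later, and with Object Lock on the archived artifacts the original records cannot be replaced either.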

A replayable audit chain is exactly what Joint Commission / CMS surveyor PSV, CMS recoupment defense, and NCQA reviews require. The audit packet builder (TARGET roadmap) will turn the chain into a one-button, auditor-ready bundle.


7. Incident Response

IR posture

  • CloudWatch + Sentry observability across infrastructure, application, and security signals.
  • Founder on-call rotation + platform engineering partner (named under NDA) secondary; PagerDuty escalation.
  • 24/7 ingestion of intrusion-detection events from GuardDuty + WAF + Security Hub.
  • Documented IR runbook with severity tiers, decision tree, and stakeholder escalation paths.
  • Forensic capture automated on suspected incident (memory snapshot + log archive + audit chain snapshot).

Breach notification

  • §164.404: 60-day individual notification window if a breach of unsecured PHI occurs.
  • HHS notification within 60 days for breaches affecting fewer than 500 individuals (logged and reported annually); without delay, within the same 60-day window, for 500 or more.
  • Media notification within 60 days for breaches affecting 500 or more individuals in a state or jurisdiction.
  • Business associate notification flow: Rōvn notifies covered-entity customers within the contractual window (typically 30 days), and they notify the affected individuals.

Pre-launch posture: zero customer PHI flow means zero breach exposure at this stage. Posture is wired and tested via tabletop exercises with the platform engineering partner (named under NDA); live trigger has not occurred.


8. Sub-Processor Flow-Down

Every BAA includes sub-processor flow-down language so downstream vendors carry the same restrictions:

  • AWS sub-vendors: any AWS service that processes Rōvn-managed PHI is covered under the AWS BAA. AWS publishes a list of HIPAA-eligible services; Rōvn uses only HIPAA-eligible services for any PHI-touching path.
  • Anthropic via AWS Bedrock: Claude model traffic stays inside the AWS BAA boundary. The AWS BAA covers the Bedrock service and the underlying compute providers running Anthropic models; the Anthropic BAA covers the model provider relationship.
  • Persona, Checkr, WorkOS: each maintains its own sub-processor list under its BAA; Rōvn reviews them quarterly.

9. What We Explicitly Do NOT Claim

  • HIPAA compliant as a marketing claim. We say HIPAA-aligned (06.2 HIPAA Posture Memo) and BAA available (06.4 Vendor BAA Matrix; customer BAA template at 08.9).
  • HITRUST certified. Not certified. Not in the current 12-month plan.
  • SOC 2 certified. SOC 2 Type II is in progress (06.3 SOC 2 Type II Plan): auditor selected, controls in implementation with Drata. Report target Q3 2027 after the observation window.
  • Zero breach history at scale. True today only because we have zero paying-customer PHI flow. We will earn this claim by operating cleanly through Y1 paid traffic.
  • Penetration test report available. Pentest scheduled Q4 2026.

This honesty is the version that survives a hospital General Counsel reading the procurement packet line-by-line.


10. Why the Posture Holds

Three reasons.

  1. Architecture is HIPAA-aligned from day one. The platform engineering partner's (named under NDA) 10-year, 50+ live-product, zero-HIPAA-violation chassis gives Rōvn the posture that competitors retrofit over 18-24 months. Time-to-posture is the partnership moat.

  2. The Golden Rule scopes the regulatory surface. AI operates the workflow. Source systems prove the facts. Humans make every regulated decision. That doctrine means AI never makes a regulated decision, which keeps the AI regulatory surface bounded.

  3. The hash-chained audit log + Object Lock + 7-year retention is the audit defense. Joint Commission / CMS surveyor PSV, NCQA Ideal Credentialing, CMS recoupment: every audit regime in the category needs a replayable evidence chain. We ship it natively.

"Rōvn turns credentialing from a repeated cost into a reusable network asset."

That compression compounds only if the compliance posture survives every audit. The HIPAA posture above is what makes the compounding durable.
