HIPAA as a Service

HIPAA Infrastructure for Modern Healthcare

Collect, store, and retrieve PHI securely — without handling HIPAA infrastructure yourself. PHI never touches your servers.

SOC 2 Type II
HIPAA Compliant
BAA Included
patient-intake.tsx
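import { HaaSForm } from '@haas/react'

function Intake() {
  return (
    <HaaSForm
      formId="intake-2024"
      onSuccess={(token) => {
        // Only the token is sent to your server, never the PHI itself.
        // `api` is your application's own HTTP client (not part of @haas/react).
        api.post('/patients', { phiToken: token })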
      }}
    />
  )
}
HIPAA Compliant
PHI Isolated
AES-256-GCM Encrypted
PHI Secured
Healthcare products built: 50+
HIPAA systems delivered: 23
Integration time: < 5 min
Uptime SLA: 99.99%
Audit log retention
Platform

Everything PHI needs — nothing it doesn't

Stop building HIPAA infrastructure from scratch. HaaS abstracts it so your team ships faster.

Hosted HIPAA Forms

Iframe-isolated forms collect PHI. Encrypted before leaving the browser. Zero PHI on your infra.

Encrypted PHI Vault

AES-256-GCM at rest with per-form AWS KMS keys. TLS 1.2+ in transit. Tokenized access — your server only ever stores a record_id.

Compliance Dashboard

Live compliance score. Pre-built audit reports. Reduce audit prep from months to days.

Immutable Audit Logs

HMAC-SHA256 signed audit trail. Every PHI access logged with who, when, and why. INSERT-only — tamper-proof by design.

Developer APIs & SDKs

REST, webhooks, gRPC. SDKs for React, Node.js, Python. Sandbox + live modes out of the box.

White-Label Infrastructure

Your brand on every form. Custom domains, logos, compliance policies. Patients see you, not us.

Architecture

PHI never touches your servers

Our iframe isolation model keeps patient data completely off your infrastructure.

STEP 01: Patient fills form (hosted on embed.hipaacompliant.io)
STEP 02: PHI encrypted (AES-256-GCM, per-form KMS key)
STEP 03: record_id returned (postMessage to your app)
STEP 04: Vault stores PHI (isolated from your systems)
Zero PHI on your infrastructure. Your app never stores, processes, or transmits PHI. HaaS handles all 18 HIPAA identifiers. You get a token. Patients get security.
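
One way the embedding page could validate the STEP 03 postMessage before trusting the record_id, as an added example that is not HaaS's own code. The `https` scheme, the message shape `{ type: 'haas:success', record_id }`, the record_id format and both function names are assumptions; only the embed host comes from this page.

```javascript
// Added example: validate the STEP 03 postMessage before using record_id.
// Assumptions (not from HaaS documentation): https scheme, message shape,
// the 'haas:success' type string, and the record_id format.
const EMBED_ORIGIN = 'https://embed.hipaacompliant.io'; // host named on this page
const RECORD_ID_RE = /^[A-Za-z0-9_-]{8,128}$/;          // assumed opaque-id format

// Returns the record_id if the event is trustworthy, otherwise null.
// `frameWindow` is the contentWindow of the iframe your page embedded.
function extractRecordId(event, frameWindow) {
  // 1. Exact origin match. Substring or startsWith checks would accept
  //    look-alikes such as https://embed.hipaacompliant.io.example.net.
  if (event.origin !== EMBED_ORIGIN) return null;
  // 2. The sender must be the iframe this page created, not some other
  //    window that happens to be served from the same origin.
  if (event.source !== frameWindow) return null;
  // 3. Treat the payload as untrusted input: plain object, expected type,
  //    and a record_id that is a bounded opaque string.
  const data = event.data;
  if (data === null || typeof data !== 'object' || Array.isArray(data)) return null;
  if (data.type !== 'haas:success') return null;
  if (typeof data.record_id !== 'string') return null;
  if (!RECORD_ID_RE.test(data.record_id)) return null;
  return data.record_id;
}

// Browser wiring: attach the listener and return a function that removes it.
function listenForRecordId(iframe, onRecordId) {
  const handler = (event) => {
    const id = extractRecordId(event, iframe.contentWindow);
    if (id !== null) onRecordId(id);
  };
  window.addEventListener('message', handler);
  return () => window.removeEventListener('message', handler);
}
```

Rejected messages are dropped silently here; logging their origin on the parent page helps spot misconfigured embeds or unexpected senders.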
Developer Experience

APIs built for developers first

Developer-first APIs built for healthcare. Full REST API, typed SDKs, webhooks, sandbox mode. Integrate in an afternoon, not a sprint.

Live in < 5 minutes with npm install @haas/react
Sandbox mode mirrors live — no real PHI at risk
Webhooks for async PHI events — no polling needed
API keys, JWT, OAuth — all auth patterns supported
.tsx
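import { HaaSForm } from '@haas/react'

// handleToken is your application's own callback, defined elsewhere.
// It receives the token returned by the form, never the PHI.
export default function PatientIntake() {
  return (
    <HaaSForm
      formId="patient-intake-v2"
      onSuccess={handleToken}
      theme="dark"
    />
  )
}

// PHI never reaches your server
// You only receive a secure token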
Security & Compliance

Enterprise security. Audit-ready.

Every layer designed for the healthcare trust model.

AES-256-GCM Encryption

All PHI encrypted at rest with AES-256-GCM. Per-form AWS KMS envelope keys — one compromised key can't decrypt any other form's data.

BAA Included

HIPAA Business Associate Agreement signed on signup. No separate negotiation needed.

Immutable Audit Logs

HMAC-SHA256 signed. Every access logged with actor, timestamp, and purpose. INSERT-only at DB level. Retained indefinitely.

Breach Notification

Automated breach detection. $10M cyber insurance. Notification within 24 hours of discovery.

HIPAA
SOC 2 Type II
HITRUST CSF
NIST 800-188
GDPR Ready
Pricing

Simple, transparent pricing

Scale from prototype to production. No surprise bills.

Starter

$299/mo

For early-stage health tech teams

Up to 10K forms/month
5 GB encrypted vault
Audit logs — 90 days
Email support
Community Slack
Sandbox mode
Most Popular

Growth

$999/mo

For scaling healthcare platforms

Higher submission volume
Multiple team members
Compliance report exports
Priority support (4h SLA)
Custom webhook endpoints
White-label forms
BAA included

Enterprise

Custom

For large teams and regulated orgs

Unlimited forms & storage
Audit logs — 7 years
24/7 phone + Slack support
Dedicated compliance officer
Custom SLA
On-premise deployment option


Ship HIPAA features in days, not months

Join healthcare teams who chose infrastructure over compliance headaches.