Enterprise-Grade Security & Compliance
Your patient data deserves the highest level of protection. We've built PsychReport.ai with security and compliance at its core, meeting the strictest healthcare industry standards.
HIPAA Compliance
Full HIPAA compliance with Business Associate Agreement (BAA) included for all healthcare providers.
- Comprehensive HIPAA risk assessment
- Administrative, physical, and technical safeguards
- Regular compliance audits and monitoring
- Staff training and documentation
End-to-End Encryption
All data is encrypted both in transit and at rest using industry-standard AES-256 encryption.
- TLS 1.3 for data in transit
- AES-256 encryption for data at rest
- Encrypted database storage
- Secure key management system
Audit Logs
Comprehensive audit trails track all user actions and system events for complete transparency.
- User activity logging
- Data access tracking
- System event monitoring
- Compliance reporting tools
Access Controls
Secure access controls ensure only authorized personnel can access sensitive information.
- Multi-factor authentication (MFA)
- Secure session management
- User activity monitoring
- Access timeout controls
User Management
Secure user management features designed for individual practitioners (team features coming soon).
- Individual user accounts
- Secure authentication
- Assessment history tracking
- Data ownership controls
Data Backup & Recovery
Automated backups and disaster recovery ensure your data is always protected and available.
- Automated daily backups
- Fully redundant backups
- Point-in-time recovery
- Disaster recovery testing
Certifications & Compliance
SOC 2 Type II
Our hosting partners maintain SOC 2 Type II certification for security controls
HIPAA Compliant
Full compliance with Health Insurance Portability and Accountability Act requirements
Google Cloud Security
Built on Google Cloud Platform with enterprise-grade security infrastructure
ISO 27001
Our hosting partners maintain ISO 27001 certification for information security
Our Privacy Commitment
We never sell, share, or monetize your patient data. Your information is used solely to provide our services and remains under your complete control at all times.
Security Questions
Your data protection concerns answered
FERPA Compliance for School Districts
For school districts, student data privacy isn't just a rule — it's a fundamental trust. PsychReport.AI was built with a privacy-first design, ensuring full compliance with FERPA from the ground up.
We Act as Your "School Official"
FERPA's School Official exception allows us to handle student data on your behalf. We are contractually bound to:
- Perform only the institutional service we were hired for
- Operate under the direct control of your school for all data
- Use data only for the specific purpose agreed upon
- Never re-disclose or use data for any other purpose
Our Data Commitments
No Secondary Use
Student data is never used for AI model training, marketing, or any purpose beyond generating your reports.
Parent Rights Supported
Your staff retains full access to download and amend student records at any time to fulfill FERPA parental access requests.
Secure Data Destruction
All student data is permanently deleted from live systems 30 days after contract end and purged from backups on a fixed schedule.
School pricing available: PsychReport.AI serves both private practice and school settings. Contact us for school and district pricing.