Home / Security
Security & compliance

Built to protect patient data.

Basalt handles some of the most sensitive information in healthcare. Privacy and security are not features bolted on; they are how the product is built, from ingestion to audit trail.

HIPAA-first

Built to support HIPAA obligations end to end. We sign a BAA with every customer.

Encrypted everywhere

Data is encrypted in transit and at rest. Access is least-privilege and logged.

PHI minimization

We show only the minimum needed, and our logs reference an internal ID rather than a patient's name.

Auditable by design

Every finding links to its source and leaves a trail, so decisions can be reviewed.

Access controls

Role-based access and SSO on enterprise plans keep the right eyes on the right records.

Vendor diligence

We support your security review and provide documentation for procurement.

Privacy by default

The least data necessary, always.

The product is built around not leaking PHI. The interface shows what a reviewer needs and nothing more, and our logs are designed so a name never appears where an identifier will do.

  • Internal IDs in place of names in logs
  • Only the minimum identifiers a reviewer needs
  • Source documents access-controlled and audited
Compliance posture
Business Associate Agreement
Signed with every customer
Encryption in transit & at rest
Industry-standard ciphers
Audit logging
Every access recorded
SSO & RBAC
Available on enterprise

Certifications and formal attestations available under NDA. Ask us in the demo.

Need our security docs?

We will walk your team through our controls and share documentation for procurement.