HIPAA Compliance Architecture
How we secure your protected health information (PHI) with military-grade standards.
VA Claim Buddy is owned and operated by VA CLAIM BUDDY, LLC.
Business Associate Agreement (BAA)
VA Claim Buddy operates under a strict HIPAA Business Associate Agreement (BAA) with Google Cloud. This legally binding contract ensures that:
- We utilize the Enterprise Vertex AI API, which is explicitly covered by Google's HIPAA compliance program.
- Your data is processed in a secure, isolated environment designated for sensitive healthcare information.
- Google is contractually obligated to implement safeguards ensuring the confidentiality of your PHI.
End-to-End Encryption
Your data is encrypted at every stage of the process:
- In Transit: All data transmitted between your device and our servers is protected using TLS 1.3 (Transport Layer Security).
- At Rest: Any temporary data stored on our servers is encrypted using AES-256 (Advanced Encryption Standard).
- Session Security: We enforce strict security settings on session cookies to prevent unauthorized access to your account.
Cloud Infrastructure Security
Our application is hosted on Google Cloud Platform's fully managed, HIPAA-compliant infrastructure.
- Access Control: Strict Identity and Access Management (IAM) protocols limit system access to authorized processes only.
- Audit Logging: We maintain detailed logs of system access (without recording PHI) to monitor for any suspicious activity.
- Vulnerability Management: Our systems undergo regular automated security scanning to identify and patch vulnerabilities.
Audited & Verified
This architecture successfully passed a Deep Dive Technical Compliance Audit on Jan 31, 2026.