Skip to main content

HIPAA

Zentake is built for healthcare practices and handles Protected Health Information (PHI) by design, patient demographics, insurance details, and medical history collected through Forms and Packets. This section describes what's true about Zentake's security posture today and links out to the specifics.

What's grounded in the product today

  • Team-scoped isolation. Every Patient, Form, Packet, Response, and Message belongs to exactly one Team, and every API request authenticates as a specific Team via X-API-KEY / X-API-SECRET. See Authentication.
  • Audit logging. API actions (create, update, delete, send, and more) are recorded by a dedicated audit-logging system. See Audit Logs.
  • A model Business Associate Agreement is available for download. See BAA.
  • API traffic runs over HTTPS. See Encryption.

Compliance certifications

Zentake publishes its compliance posture on zentake.com: the platform attests to HIPAA, SOC 2, GDPR, and PIPEDA compliance, and a model Business Associate Agreement is available for practices that need one (see BAA).

In this section

  • PHI Handling. What counts as PHI in Zentake and how it flows through the API.
  • Audit Logs. What gets logged and how.
  • Access Controls. How Zentake scopes and restricts access to data.
  • Data Retention. How long data is kept and how deletion works.
  • Encryption. Transport and at-rest posture.
  • BAA. The model Business Associate Agreement.