Quantal Health by Quantal AI
Security & HIPAA

Your patients' data, protected by design.

We built Quantal Health for HIPAA from day one; we didn't bolt it on later.

Your data lives in your own environment

Each clinic gets its own dedicated, isolated infrastructure. Your patients' records don't sit in a shared database next to anyone else's.

Encrypted everywhere

Patient data is encrypted at rest using your clinic's own dedicated encryption keys, and encrypted in transit using TLS — every connection, every time.

Activity logged for every access

Every time a patient record is opened — by your team or ours — it's recorded. You can see who accessed what, when, and why.

HIPAA-compliant agreements with every vendor

We don't work with infrastructure or AI vendors who can't sign HIPAA-compliant data agreements. You sign one with us; we maintain the rest of the chain.

What "your data lives in your own environment" actually means

Most software-as-a-service products mix every customer's data into one big shared database, and rely on software rules to keep them apart. We don't do that.

When your clinic signs up with Quantal Health, we set you up with your own dedicated cloud environment — your own database, your own application servers, your own encryption keys. Your patients' records live in infrastructure that nobody else's clinic touches.

When a patient at Mountainview Medicine logs their weight, that data goes to Mountainview's own dedicated database. It never sits next to data from any other clinic. There's no shared table where a software bug could accidentally show one clinic's patient to another clinic's clinician — because the other clinic's data isn't even in the same place.

If your clinic ever leaves us, we hand you the keys to your environment, including a final snapshot of all your data. No lock-in, no awkward export.

[Diagram: Mountainview Medicine, Cedarvale Health, and Pinegrove Wellness, each with its own App, Database, and Patients, physically separated.]

Three clinics. Three completely separate environments.

What we mean by "HIPAA from day one"

HIPAA isn't a checkbox we ticked at the end. It shaped how we wrote the code. A few specifics:

  • Patient data stays out of places it doesn't belong. We don't store patient information in browser logs, error reports, push notification text, SMS messages, web addresses, or analytics events. Even our own developers don't see patient names or weights when they're debugging the system.

  • Clinical AI requests route through our backend. When a patient takes a photo of their injection site, that photo never goes directly from the patient's phone to an AI provider. It flows through our servers, where we strip identifying information before any AI ever sees it.

  • HIPAA agreements with every link in the chain. Our cloud infrastructure provider, our monitoring tools, our AI providers — every vendor that could conceivably touch your patient data has signed a HIPAA-compliant data agreement with us.

  • One agreement covers everything. Your clinic signs one HIPAA-compliant data agreement with us. We handle every downstream agreement so you don't have to chase paperwork from our vendors.

How we protect against common HIPAA risks

A clinic's compliance officer will recognize this list. Here's how we've designed the system to handle each one.

| The risk | How Quantal handles it |
|---|---|
| A patient's phone is lost or stolen | All patient data lives in the cloud, not on the device. A stolen phone means no patient data exposed — there's nothing on the phone to steal. |
| Inappropriate access by someone on your team | Every patient record access is logged. You can audit who on your team looked at which patient and when. If a clinician views a patient outside their care panel, you can find it. |
| A cloud misconfiguration exposes data | Each clinic has its own encrypted environment. A misconfiguration in one clinic's setup cannot expose another clinic's data. The blast radius of any single mistake is contained to that one clinic. |
| A vendor without a HIPAA agreement gets involved | We never use a vendor that hasn't signed a HIPAA-compliant data agreement with us. Your agreement with us covers our entire vendor chain — no surprise gaps. |
| A breach happens and notification is late | We have a documented process to notify you within the legally required window. We've drafted the notification templates in advance so the clock doesn't start before we're ready to act. |
| Patient data shows up somewhere it shouldn't | Our entire platform is engineered to never put patient data in places it doesn't belong — not in logs, not in URLs, not in notifications, not in analytics. We test for this continuously. |

If something goes wrong

No system runs forever without an incident. We've designed our recovery process so that, when one happens, you'd notice as little disruption as possible.

4 hours

Back online quickly

If your environment goes down, we restore it within 4 hours. We test this commitment annually so it's not just a promise on paper.

1 hour

Minimal data loss in the worst case

Your data is backed up continuously. In a worst-case incident, you wouldn't lose more than 1 hour of patient data.

Daily

Full backups, every day

A complete snapshot of your environment is taken every day and stored separately, encrypted, and tested for restore-ability.

Who at Quantal can access your data

We want to be honest about this, because plenty of vendors are not.

Our team has administrative access to operate the platform. That's necessary because we run it for you — when something breaks at 3 a.m., a Quantal engineer needs the ability to investigate. Pretending otherwise would be misleading.

What we don't do is read your patient data unless you ask us to. We don't browse charts. We don't run analytics across your patient population. The only times anyone on our team would look at a specific patient's record are: you've asked us to investigate something, you've reported a bug we need to reproduce, or there's an active security incident we're responding to.

And when any of that happens, every access is logged in your activity log. You can see exactly when one of us touched a patient record, who it was, and why. There are no hidden hatches.

What's next: we're working on giving customers cryptographic guarantees that even our team cannot access patient data without your explicit, per-incident consent. That's on the roadmap; it's not shipped yet. We'd rather tell you what we're building than claim we already offer it.

For your compliance team

If your security or compliance reviewer needs deeper detail — specific regulatory section citations, our subprocessor list with HIPAA agreement dates, breach-notification service-level commitments, or our recovery time and recovery point objectives — we have a security questionnaire we can share under NDA.

Email security@quantal-health.example and we'll send it over within one business day.

Have a security question we didn't answer?

Get straight answers from our security team — no marketing fluff.
