Security
Last updated: April 11, 2026
Justified is built for healthcare. Security and compliance are not afterthoughts — they are architectural decisions made from the beginning.
HIPAA Compliant
Full HIPAA compliance with Business Associate Agreements (BAAs) available for all customers.
Encryption
All data encrypted in transit (TLS 1.2+) and at rest (AES-256). No exceptions.
No Model Training
Patient data is never used to train or fine-tune AI models. Your clinical data stays yours.
Access Controls
Role-based access control ensures only authorized users can create, review, and export appeals.
Audit Logging
Every action is logged — appeal creation, edits, reviews, and exports — for full compliance traceability.
Data Residency
All data is processed and stored within the United States on SOC 2 Type II certified infrastructure.
Infrastructure
Justified runs on SOC 2 Type II certified cloud infrastructure with automated backups, intrusion detection, and vulnerability scanning.
Incident Response
We maintain a documented incident response plan. In the event of a security incident involving PHI, affected customers will be notified within 72 hours as required by HIPAA.
Responsible Disclosure
If you discover a security vulnerability, please report it to security@justifiedhealth.com. We take all reports seriously and will respond within 48 hours.
Questions
For security documentation or to request our BAA, contact security@justifiedhealth.com.