Heliox
04 · Security

Designed for the most regulated environment.

Heliox is built on the assumption that an auditor, regulator, or clinical board may review every action the platform took on a patient's behalf.

Certifications
8
Encryption
AES-256
Pen tests / yr
4
Security infrastructure
Audit completeness
100%
Live deployments
01 · Principles

  • Clinically supervised

    Heliox agents propose, clinicians approve. Autonomous execution is opt-in, scoped, and audited per workflow.

  • Encrypted end-to-end

    AES-256 at rest, TLS 1.3 in transit, customer-managed keys (BYOK), and field-level encryption for PHI.

  • Identity-aware

    Single sign-on through Okta, Azure AD, Ping, or Auth0. Granular RBAC down to chart-level scopes.

  • Provable provenance

    Every AI action is hash-chained to its source records. Reconstruct any decision down to the byte.

  • Continuously audited

    Quarterly third-party penetration testing. Continuous internal red-team. 24/7 SIEM and SOC monitoring.

02 · Certifications

Audited, accredited, deployed.

Our security and compliance posture is verified by independent auditors and refreshed continuously. Reports are available under NDA.

  • HIPAA
    Privacy & Security Rules
  • HITRUST
    r2 Certified
  • ISO 27001
    Information Security
  • ISO 27701
    Privacy Information
  • SOC 2
    Type II
  • GDPR
    Compliant Processing
  • MDR
    Class IIa
  • PDPA
    Singapore
03 · Trust Center

Documents, attestations, and reports.

  • SOC 2 Type II ReportQ1 2026
  • HITRUST r2 CertificateActive · Mar 2026
  • Penetration Test SummaryApr 2026
  • Sub-processor ListUpdated weekly
  • AI Model Governance Policyv3.2
  • Business Continuity PlanReviewed Q2 2026
05 · Begin a deployment

Build the OS for your health system.

Talk with our solutions team about deployment architecture, clinical pilots, and security review. Most pilots begin within 4–6 weeks.

Request accessEnterprise plans
Begin a partnership
Pilot to production
4–6 wks