Security and Compliance.
HIPAA-aligned security readiness — our stage-appropriate approach to data protection.
Note:Neurona 28 is a pre-revenue MVP in private testing. We are HIPAA-aligned in posture and intent. Items marked “Planned Baseline” are scheduled for implementation before any public launch. We will not overstate our readiness.
Security measures
| Category | Measure | Status |
|---|---|---|
| PHI Minimization | Users instructed to avoid identifiers. No EHR integration at this stage. | Active |
| Encryption | AES-256 at rest, TLS 1.2+ in transit. | Planned Baseline |
| Audit Logging | All user actions logged with timestamps. | Planned Baseline |
| Data Retention | Defined retention windows with deletion procedures. | Planned Baseline |
| Vendor DPAs | Data Processing Agreements with all third-party services. | In Progress |
| Access Controls | Role-based access, MFA for admin. | Planned Baseline |
| Penetration Testing | Planned before public launch. | Pre-Launch |
PHI Input Guide
Do not enter protected health information (PHI). Here are examples of what is acceptable and what is not.
OK to enter
- DM2, HTN, CKD — eGFR 38
- HF on problem list, no decompensation in A/P
- BMI 42, weight management counseling
- Patient 67M, depression on problem list, sertraline 100mg
Clinical observations without identifiers
Do NOT enter
- John Smith, DOB 01/15/1957
- SSN: 123-45-6789
- MRN: 456789 — Mary Rodriguez
- Patient at Hospital General de PR, room 412
Names, dates of birth, SSNs, MRNs, locations
This page describes our security intentions and planned measures. It is not a certification or warranty. Security posture will evolve as the product matures.
Join the first cohort.
We are onboarding a select group of risk adjustment professionals in Puerto Rico. Request early access to be considered.
- Evidence-gated — no guessed codes
- V28-native from day one
- Built for Puerto Rico's clinical workflow