Skip to content
HIPAASecurity

Your Residents' Data is Protected

Marpass is built from the ground up for HIPAA compliance. Every feature, every server, every line of code is designed to keep your residents' information safe.

AES-256
encrypted
3+ yrs
retention
24/7
audit log
HIPAA
Compliant
HIPAA Compliance

Six Layers of Protection

Every aspect of Marpass is designed to meet and exceed HIPAA requirements for protected health information.

01

AES-256 Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Your residents' information is protected at every layer, whether stored in our database or traveling between your device and our servers.

02

HIPAA-Aligned Agreements

We take our responsibilities under HIPAA seriously and back them with the right agreements. Reach out and our team will walk you through what that looks like for your organization.

03

Role-Based Access Control

Owners, caregivers, and family members each see only what they need. Granular permissions ensure that sensitive medical data is accessible only to authorized personnel.

04

Complete Audit Trail

Every action in Marpass is logged with a timestamp and user ID. Who administered a med, who updated a care plan, who viewed a record -- it is all tracked for compliance and accountability.

05

AWS HIPAA-Eligible Infrastructure

Marpass runs on Amazon Web Services HIPAA-eligible services. Our infrastructure meets the highest standards for healthcare data hosting, with redundancy and disaster recovery built in.

06

State-Required Data Retention

Per state requirements for adult family homes and assisted living (a minimum of 3 years post-discharge in Washington), Marpass retains all care records for as long as your state requires. Data is automatically backed up and preserved even if you close your account.

AI Security

How We Handle AI Processing

When our AI reads a doctor order, the image is processed securely through Anthropic's HIPAA-compliant API.

Your protected health information is never used to train AI models. Images are processed in real-time and are not stored by Anthropic after processing is complete.

  • Processed through a HIPAA-compliant AI provider
  • PHI is never used for model training
  • Images processed in real-time, not stored by AI provider
  • All AI outputs reviewed by caregivers before saving
AI Order Reading Flow
End-to-end encrypted pipeline
1
Photo captured on device
Encrypted before leaving your phone
2
Sent via TLS 1.2+ to Marpass servers
Encrypted in transit
3
Processed by Anthropic Claude
HIPAA-compliant API, no data retention
Results returned for caregiver review
Human confirmation before any record is saved

Your Data Belongs to You

You own your data, period. Export all your records at any time in standard formats. We never sell, share, or monetize resident data. If you leave Marpass, your data leaves with you.

Full data export anytime
No data selling or sharing
Data portability guaranteed
Compliance & Certifications
HIPAA Compliant
Audit Logged
AES-256 Encrypted
AWS Hosted

Legal Documents

Review our legal agreements and policies.

Security questions?

Our team is happy to walk you through our security practices, share our security documentation, or discuss your specific compliance needs.