MediChat is designed with security and privacy safeguards aligned with the HIPAA Security Rule — including AES-256 encryption at rest, TLS in transit, role-based access controls, and audit logging. We offer Business Associate Agreements (BAA) to eligible customers on Professional and Enterprise plans. However, we do not claim HIPAA certification (no such official designation exists), and use of MediChat does not by itself make your practice compliant. Compliance is the responsibility of each covered entity. See our HIPAA & Regulatory page for full details.