Security & Compliance

Security and compliance, by design.

GeriCloud handles protected health information on a HIPAA-aligned AWS architecture. Security built in, not bolted on.

HIPAA posture

We operate as a Business Associate to covered-entity practices. Business Associate Agreements (BAAs) are signed with every customer.

Authentication

Amazon Cognito user pools with MFA and TOTP support. Every session is authenticated and time-limited.

Encryption

Data encrypted at rest and in transit via AWS KMS.

Data resilience

DynamoDB point-in-time recovery, AWS Backup, and S3 encryption.

Network and monitoring

AWS WAF and API access logging. Anomalous patterns surface in alerts.

Tenant isolation

Isolation enforced on every database query. One tenant cannot reach another's data.

Infrastructure

Built on AWS Amplify. Data in DynamoDB and Aurora PostgreSQL. OpenSearch for activity search. All services deployed with geo-redundant backup.

AWS Amplify, DynamoDB, Aurora PostgreSQL, OpenSearch, Cognito, AWS KMS, WAF