Blueprint
Security & Compliance

Your data is safe. Your patients' data is protected.

Blueprint is built for health plans that operate in regulated environments. Security isn't an afterthought — it's in the architecture.

  • HIPAA Aligned
  • SOC 2 Type II Certified
  • AES-256 Encryption

Security Architecture

Built on a secure foundation.

Encryption at Rest & in Transit

All data encrypted with AES-256 at rest. All traffic encrypted with TLS 1.3 in transit. Keys managed via hardware security modules.

Access Controls

Role-based access control (RBAC) at the user and team level. Granular permissions for Build Lead, Contracting, Credentialing, and Observer roles. SSO support.

Audit Logging

Every action in Blueprint is logged with user, timestamp, and IP. Full audit trail for regulatory reviews and internal compliance.

Infrastructure

Hosted on SOC 2 Type II certified cloud infrastructure. Automatic failover, daily backups, 99.9% uptime SLA.

Incident Response

24-hour incident response SLA. Dedicated security team on-call. Customers notified within 72 hours of any confirmed breach.

Data Retention & Deletion

Configurable retention policies. Data deletion upon contract termination within 30 days. Detailed data processing agreements available.

HIPAA

Built for HIPAA-regulated environments.

Provider data handled in Blueprint may include PHI. Blueprint is designed to support your organization's HIPAA obligations — with data isolation, access controls, BAA availability, and audit trails that your compliance team can rely on.

BAA available on Enterprise plans

What's included

  • Business Associate Agreements (BAA) available on Enterprise plans
  • PHI data isolation at the tenant level
  • Role-based access prevents unauthorized PHI exposure
  • Audit logs meet HIPAA minimum necessary requirements
  • Employee security training and background checks
  • Data processing agreements available on request

Compliance

Our compliance posture.

| Standard | Status | Details |
|---|---|---|
| HIPAA | BAA Available | Business Associate Agreements available for Enterprise customers |
| SOC 2 Type II | Certified | Type II audit completed Q4 2025. Report available to Enterprise customers under NDA. |
| NIST CSF | Aligned | Security controls mapped to NIST Cybersecurity Framework |
| CCPA | Compliant | California Consumer Privacy Act controls implemented |
| GDPR | Not Applicable | US-only customer base; GDPR controls not required |

Questions about security?

Our team is happy to walk through our security documentation, answer your compliance team's questions, and provide a BAA if needed.