Security & compliance

Built compliant, not patched compliant.

Prescriptions move through real patients. We treat the controls that protect them as part of the product, not an afterthought bolted on before a deal closes. Here is exactly how we handle PHI, approvals, and access — and what we have done versus what we are still finishing.

Where we stand

Every control, verified as you read.

We would rather show you the controls one at a time than wave a badge. Scroll through — each one checks off as it is confirmed.

Compliance checklist

0 of 8 controls verified

  1. A licensed provider approves every order

    Pending

    Nothing reaches the pharmacy unsigned. A human clinician reviews and authorizes each order — no auto-submit, no bypass.

  2. HIPAA-aligned by design

    Pending

    Controls are built into the product from the start, not bolted on before a deal. PHI is treated as PHI everywhere it moves.

  3. BAAs front every PHI data flow

    Pending

    We sign a Business Associate Agreement with your clinic, and with every subprocessor before any protected data touches it.

  4. Full, append-only audit trail

    Pending

    Every order, edit, and approval is logged and timestamped — who drafted, who approved, and when it shipped.

  5. Encryption in transit and at rest

    Pending

    TLS 1.2+ on the wire, AES-256 on disk, with keys held in a managed KMS separated from the data they protect.

  6. Least-privilege access with MFA

    Pending

    Role-scoped access across the platform, reviewed and revoked when no longer needed. MFA is required on every account.

  7. PHI minimized, never tracked

    Pending

    We collect only what an order needs to be filled, and keep third-party ad and analytics trackers off every PHI surface.

  8. The compounding pharmacy is disclosed

    Pending

    Every order names the licensed compounding pharmacy that fills it. We never let copy imply a compounded drug is FDA-approved.

The control that matters most

A licensed provider approves every order. Always.

Human in the loop

Nothing reaches the pharmacy unsigned.

The order draft sits in a holding state until a licensed provider reviews it and taps approve. No order is ever auto-submitted to be filled.

Non-bypassable

There is no setting to turn it off.

The approval gate is enforced in the system itself, not in policy. There is no admin toggle, no bulk auto-approve, no API path that skips it.

The AI drafts. It never decides.

A draft is a draft until a human signs it.

Software assembles the order so the provider reads instead of retypes. The clinical decision — and the legal authorization — stays with the licensed provider every time.

HIPAA & BAAs

PHI stays inside systems covered by a signed BAA.

Minimized by design

We collect the protected health information an order needs to be filled, and no more. PHI is kept out of analytics, marketing, and support tooling that does not need it.

BAAs front the data flow

Every vendor that can touch PHI signs a Business Associate Agreement before it goes live. No PHI moves through a system we do not have a BAA with. See our subprocessors.

We sign with you

neolife acts as a Business Associate to your clinic. We will execute a BAA with you before you send a single real order.

Your data is yours

Every order is captured as your record. You can export it any time, and a BAA termination triggers a defined return-or-destroy process.

Data handling & encryption

Encrypted on the wire and on disk.

In transit

TLS 1.2+

All traffic to and from neolife is encrypted in transit. Plain HTTP is rejected.

At rest

AES-256

Stored data is encrypted at rest with keys managed in a cloud KMS, with rotation and access logging.

Key management

KMS-backed

Encryption keys are held in a managed KMS, separated from the data they protect. No keys live in application code.

Audit & logging

Every order leaves a trail.

We log the lifecycle of each order — when it was captured, what changed, who approved it, and when it shipped. Logs are append-only and timestamped.

  • Who drafted, edited, and approved each order
  • The approving provider, with a timestamp
  • Access to PHI, recorded for review

Access control

Least privilege, with MFA.

People see what their role requires and nothing more. Access is scoped, reviewed, and revoked when it is no longer needed.

  • Role-based access control across the platform
  • MFA required on every account
  • Provider approval rights granted by role, not by request

No health-context tracking

No third-party trackers where PHI lives.

HHS OCR has been clear that loading third-party advertising and analytics trackers onto pages that handle protected health information can itself be a disclosure of PHI. We do not put those trackers on order, approval, or patient-data surfaces. The software that handles a prescription is not wired to an ad network.

Compounding & regulatory disclosures

We say what compounded means.

Compounded medications are not FDA-approved.

Compounded preparations are made by a licensed compounding pharmacy and are not reviewed or approved by the FDA the way manufactured drugs are. We do not blur that line, and we do not let copy imply otherwise.

The compounding pharmacy is named.

We disclose the compounding pharmacy that fills the order. Read the full language in our disclosures.

The diligence checklist

The questions to ask any fulfillment platform. Including us.

Before you route a single prescription through anyone's software, get these answered in writing. Our answers are on this page and the pricing page.

  • How does the platform make money on my prescriptions? Is the fee flat, published, and clinic-paid — or value-linked, undisclosed, and pharmacy-funded?
  • Who chooses the pharmacy — my rules, or the platform's margin? Will they contractually warrant routing neutrality?
  • Are orders patient-specific and provider-approved, or bulk office-use? Can any order reach a pharmacy unsigned?
  • What artifact proves provider approval — a log line, or a tamper-evident per-order certificate a third party can verify?
  • Is there a named legal entity in the terms, and will they sign a BAA before real patient data moves?
  • Does the platform hold my funds, my patient records, or my order history? Can I export everything the day I leave?
  • What happens to my orders if my pharmacy has a bad inspection — is there a second connection to fail over to?
  • What percentage of the platform's volume rides on one drug category, and what's the plan when regulation reprices it?

Subprocessors

We publish who touches your data.

The vendors that process data on our behalf are listed publicly, each under a signed BAA where PHI is involved.

View subprocessors

Send us your security questionnaire. We will sign the BAA.

No vague assurances. Real answers, real documents, before you move a single patient onto the rail.