Legal
HIPAA Notice
Last updated: June 2026
Deosai, Inc. handles protected health information (PHI) on behalf of the practices we serve. When we do, we act as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA) and the terms of a Business Associate Agreement (BAA).
Our commitments
- We use and disclose PHI only as permitted by our BAA and applicable law.
- We apply administrative, physical, and technical safeguards to protect PHI, including encryption in transit and at rest.
- We enforce role-based, least-privilege access and maintain audit logs of access to PHI.
- Coding is human-in-the-loop — Deosai never bills unattended, and every recommendation cites the documentation that supports it.
De-identified data
For evaluations such as the revenue assessment, we request de-identified data and provide secure transfer instructions.
Incident response
We maintain documented procedures for monitoring and responding to security incidents, and will notify affected practices as required by our BAA and applicable law.
Contact
For HIPAA or security questions, or to request our security package under NDA, email hello@deosai.ai.