LynxMediq

Security and compliance

Patient data protected by design

Security is part of the architecture, not a feature bolted on later. Encryption, access control, isolation, and audit logging run underneath every module, and the platform is built to support your own compliance program.

Controls

The safeguards a healthcare platform should have

Each area below is part of how LynxMediq is built and operated.

Data protection

  • Encryption in transit and at rest
  • Tenant isolation between organizations
  • Configurable data residency and retention
  • De-identification for research and external sharing

Access control

  • Role-based access control
  • Single sign-on with SAML and OpenID Connect
  • Least-privilege service accounts
  • Session, device, and IP controls

Auditability

  • Immutable audit logs for views, edits, and AI actions
  • AI findings traced to a specific model and version
  • Exportable access and activity reports
  • Break-glass access with review

Compliance posture

  • Designed for HIPAA safeguards
  • Designed to address GDPR requirements
  • Aligned with India DPDP Act 2023
  • Documentation to support your security reviews

Compliance posture

Designed for compliance, honest about what that means

There is no certification that makes software HIPAA compliant on its own. LynxMediq implements the safeguards the rules call for and gives your team the controls and documentation to run a compliant program. We are careful not to overclaim: AI is decision support with a physician in the loop, not autonomous diagnosis.

  • Designed for HIPAA administrative, physical, and technical safeguards
  • Designed to address GDPR requirements for EU health data
  • Aligned with India DPDP Act 2023
  • Business associate agreement available
  • Documentation to support your security and procurement reviews

Deployment

Run it the way your policies require

Data residency, isolation, and storage are configurable, so the deployment can match what your organization and your regulators expect.

  • Multi-tenant cloud with isolation between organizations
  • Configurable data residency by region
  • Private or dedicated deployment for stricter requirements
  • Hybrid storage from on-premises disk to managed cloud

FAQ

Questions security and procurement teams ask

Is LynxMediq HIPAA compliant?

There is no official HIPAA certification for software. LynxMediq is designed for HIPAA compliance and implements the administrative, physical, and technical safeguards the rules call for, including encryption, access control, and audit logging. We support your own HIPAA program with documentation and a business associate agreement.

Where is our imaging data stored?

You choose. LynxMediq runs on cloud infrastructure with configurable data residency, and imaging can be archived on local disk, network storage, S3-compatible object storage, or AWS HealthImaging depending on your requirements.

Is LynxMediq a regulated medical device?

The imaging, workflow, and interoperability features are clinical software rather than a diagnostic device. AI models that interpret images carry their own regulatory status, set by the model developer. Every AI-assisted finding in LynxMediq is reviewed by a physician before it reaches a report.

How do you handle AI governance?

Every model runs through orchestration that records which model and version produced a finding, along with confidence scores and a full audit trail. Sites can validate a model on their own data before enabling it, and can review or disable any model at any time.

Can LynxMediq help us meet GDPR and India DPDP requirements?

LynxMediq is designed to address GDPR and India DPDP Act 2023 requirements, with encryption, access controls, audit trails, de-identification, and configurable retention. Your data protection team stays in control of residency and processing.

Bring your security questions

We are happy to walk your security and compliance team through the architecture in detail.