Request a Demo
Request a Demo

Trust & Security

Luma MDX Solutions Inc. is committed to protecting patient privacy, securing clinical and financial data, and ensuring compliance across all our healthcare software platforms. We design our systems to meet or exceed the rigorous security expectations of medical practices, payers, and health systems.

Our Security Principles

  • Patient and organizational data belong to our clients
  • Data is secured using industry-standard encryption in transit and at rest
  • Access is limited, purposeful, audited, and always role-based
  • We do not store or process PHI unless a Business Associate Agreement (BAA) is executed
Infrastructure & Hosting

Our production environment is hosted in:
Microsoft Azure – U.S. Data Centers (HIPAA-Eligible Services)

  • Encryption at Rest: AES-256
  • Encryption in Transit: TLS 1.2+
  • Network Security: Azure Virtual Networks, Firewalls, Private Endpoints
  • Access Controls: RBAC, MFA, Conditional Access, IP Restrictions
  • Logging & Monitoring: Continuous audit logging, anomaly alerts, Azure Defender

Client-facing production systems are only accessible via secure login with Multi-Factor Authentication (2FA).
There is no public access to the LumaMDX.ai application
environment.

Compliance & Privacy

We support and align with the following:

  • HIPAA Security Rule
  • HIPAA Privacy Rule
  • HITECH Act
  • NIST Cybersecurity Framework (CSF)
  • Principles of Zero-Trust Access

A Business Associate Agreement (BAA) is available for clients and partners. We do not share, sell, or use client data for advertising or external analytics.

Data Handling & PHI Protection
  • PHI is only processed inside approved, encrypted Azure data environments
  • All access requires authentication + authorization
  • Administrative access is restricted to a minimal, audited security group
  • All actions are logged and reviewable upon request
Vendor & System Integrations

We support secure integrations with:

  • EHRs, oncology systems, and RCM platforms
  • Clearinghouses and payer data exchange networks
  • Claims, eligibility, and prior authorization APIs

All integrations follow:

  • Least-privilege access
  • Encrypted transport
  • Formal authorization agreements
Security Documentation & Due Diligence

We provide the following upon request and/or under NDA:

  • Policy summaries (access management, incident response, encryption)
  • Security Architecture Overview
  • HIPAA Safeguards Summary
  • BAA Template
Incident Response Commitment

Should a security incident ever occur, we maintain:

  • Client notification protocols aligned with HIPAA breach notification rules
  • 24/7 monitoring and detection capabilities
  • Defined escalation and containment procedures
Contact
For security inquiries or compliance requests:

Email: info@lumamdx.com

Website: https://LumaMDX.com

Platform Access: info@lumamdx.com (authorized organizations only)

© 2026 LumaMDX Solutions Inc. All rights reserved.