Trust & Security

Luma MDX Solutions Inc. is committed to protecting patient privacy, securing clinical and financial data, and ensuring compliance across all our healthcare software platforms. We design our systems to meet or exceed the rigorous security expectations of medical practices, payers, and health systems.

Our Security Principles

  • Patient and organizational data belong to our clients.
  • Data is secured using industry-standard encryption in transit and at rest.
  • Access is limited, purposeful, audited, and always role-based.
  • We do not store or process PHI unless a Business Associate Agreement (BAA) is executed.

Infrastructure & Hosting

Our production environment is hosted in:

Microsoft Azure – U.S. Data Centers (HIPAA-Eligible Services)

  • Encryption at Rest: AES-256
  • Encryption in Transit: TLS 1.2+
  • Network Security: Azure Virtual Networks, Firewalls, Private Endpoints
  • Access Controls: RBAC, MFA, Conditional Access, IP Restrictions
  • Logging & Monitoring: Continuous audit logging, anomaly alerts, Azure Defender

Client-facing production systems are only accessible via secure login with multi-factor authentication (MFA).

There is no public access to the LumaMDX.ai application environment.

Compliance & Privacy

We support and align with the following:

  • HIPAA Security Rule
  • HIPAA Privacy Rule
  • HITECH Act
  • NIST Cybersecurity Framework (CSF)
  • Principles of Zero-Trust Access

A Business Associate Agreement (BAA) is available for clients and partners.

We do not share, sell, or use client data for advertising or external analytics.

Data Handling & PHI Protection

  • PHI is only processed inside approved, encrypted Azure data environments.
  • All access requires both authentication and authorization.
  • Administrative access is restricted to a minimal, audited security group.
  • All actions are logged and reviewable upon request.

Vendor & System Integrations

We support secure integrations with:

  • EHRs, oncology systems, and RCM platforms
  • Clearinghouses and payer data exchange networks
  • Claims, eligibility, and prior authorization APIs

All integrations follow:

  • Least-privilege access
  • Encrypted transport
  • Formal authorization agreements

Security Documentation & Due Diligence

We provide the following upon request and/or under NDA:

  • Policy summaries (access management, incident response, encryption)
  • Security Architecture Overview
  • HIPAA Safeguards Summary
  • BAA Template

Incident Response Commitment

Should a security incident ever occur, we maintain:

  • Client notification protocols aligned with HIPAA breach notification rules
  • 24/7 monitoring and detection capabilities
  • Defined escalation and containment procedures

Contact

For security inquiries or compliance requests:

Email: info@lumamdx.com
Website: https://LumaMDX.com
Platform Access: https://LumaMDX.ai (authorized organizations only)