HIPAA Compliance & Business Associate Agreement (BAA)
For healthcare organizations, a signed Business Associate Agreement is one of the most important trust signals when choosing an LMS. BrainCert is compliant with the Health Insurance Portability and Accountability Act (HIPAA) security requirements, and BrainCert signs a Business Associate Agreement (BAA) with customers who need to securely process and store Protected Health Information (PHI) in the BrainCert Cloud.
Under the BAA, BrainCert safeguards PHI in line with the HIPAA Security Rule — using and disclosing PHI only as necessary to deliver the service, notifying customers of any unauthorized use or breach, and supporting individuals' rights to access, amend, and account for disclosures of their PHI. Our platform is hosted on AWS with data encrypted in transit (TLS 1.2/1.3) and at rest (AES-256), protected by zero-trust access controls and regular third-party penetration testing.
Beyond HIPAA, BrainCert maintains SOC 2 Type II, ISO/IEC 27001:2013, and GDPR certifications. Learn more about our enterprise-grade security program and full compliance posture on our Security & Compliance page, or request a BAA through your account to begin processing PHI with confidence.