Overview

Our Role

When Ajentik processes Protected Health Information (PHI) on behalf of a healthcare customer, we act as a Business Associate as defined by HIPAA. We do not collect PHI directly from individuals and we do not act as a Covered Entity.

Where a customer relationship requires Ajentik to receive, maintain, or transmit PHI, we will only do so under a signed Business Associate Agreement (BAA) that defines our permitted uses, safeguards, breach notification obligations, and subcontractor requirements.

Safeguards

We implement administrative, physical, and technical safeguards consistent with the HIPAA Security Rule (45 CFR Part 164, Subpart C).

Administrative Safeguards

  • Designated security responsibility
  • Workforce training on PHI handling
  • Role-based access management
  • Documented incident response procedures

Physical Safeguards

  • Cloud infrastructure with audited facility controls
  • Workstation use and access policies
  • Device and removable-media controls
  • Secure equipment decommissioning

Technical Safeguards

  • Identity and access controls
  • Audit logging of PHI access
  • Data integrity controls
  • Transmission security

BAA Availability

Business Associate Agreements are available on request for healthcare customers whose use of Ajentik involves PHI. Contact us at privacy@ajentik.ai to request a BAA. Use of Ajentik with PHI is not authorized until a BAA has been signed by both parties.

Security Posture

Data is encrypted in transit using TLS 1.3 and at rest using AES-256. Ajentik does not currently offer end-to-end encryption (E2EE).

Ajentik does not claim to be "HIPAA-aligned" through certification — no such certification regime exists. We describe our safeguards transparently and welcome diligence from healthcare customers and their security teams.

Contact

Privacy Contact

For questions about Ajentik's HIPAA posture or to request a Business Associate Agreement:

Ajentik AI Pte. Ltd.
Email: privacy@ajentik.ai