Compliance
HIPAA-compliant from day one. PHI never leaves the boundary.
NxtPivot was built specifically for medical-billing workloads, which means the security posture is not a feature, it is the foundation. Every inference call runs inside a HIPAA-eligible cloud, every action is audited per claim, and our internal redaction boundary keeps PHI out of any non-eligible path.
BAA-backed inference
Every model call runs inside a HIPAA-eligible cloud boundary with a Business Associate Addendum in place. PHI in your data is covered the moment it enters the system.
PHI redaction boundary
Internal redaction layer keeps PHI out of any non-HIPAA-eligible inference path. Dev and test environments never see real patient data.
Per-claim audit trail
Every agent action is logged at the claim level: inputs, prompts, outputs, model used, cost, and latency. Your compliance officer reads the same trail your biller does.
Encrypted in-transit and at-rest
TLS 1.3 in flight. AES-256 with customer-managed keys at rest. Standard cloud primitives, configured to HIPAA spec, no shortcuts.
What we do, and what we will never do.
We are explicit about both. Compliance is easier when the boundaries are written down.
We will:
- Sign a Business Associate Addendum before any PHI is exchanged.
- Run all inference in a HIPAA-eligible cloud boundary.
- Encrypt data in-flight and at-rest with customer-managed keys.
- Log every agent action at the claim level for audit.
- Maintain a documented PHI redaction boundary between prod and dev.
- Make our security posture available to your compliance officer on request.
We will never:
- Train foundation models on your data. Ever.
- Move PHI across cloud boundaries that are not HIPAA-eligible.
- Send PHI in marketing emails, sales decks, or screenshots.
- Ask you to send raw PHI before a BAA is signed.
- Take any outbound action (payer contact, claim submission, eligibility query) without explicit written authorization in the BAA.
- Skip an audit log to make a demo look snappier.
We will size your leak. No PHI moves until paperwork is signed.
Here is how it works, in order, with the compliance step first:
1. Sign a Business Associate Addendum with us.
   Standard 2-page BAA. Your compliance officer or counsel can review before signing. Nothing else happens until this is in place.
2. Send a standard report through the BAA-covered channel.
   A denial summary, an AR aging, an 835 ERA, a self-pay write-off list. Whatever you already pull from your EHR or clearinghouse. We do not need a custom export.
3. We return a full leak assessment, sized for your book.
   Denial gap (in $), eligibility gap (Found Money), AR-priority leak. Sized in dollars, ranked by ROI to chase first. Free of charge. No sales cycle, no obligation.