Security & Data Residency

Objective: A deep dive for CISO, Privacy, and Legal teams to validate our security posture.


TL;DR: Security Commitments

  • Residency: TA3-controlled environment (On-prem or US Cloud).
  • Access: Least-privilege, role-based, fully audited.
  • Personnel: US-only access option available for PHI support.
  • Encryption: Encryption standards aligned with FIPS 140-2 at rest and in transit.

1. PHI Hosting Model

We support flexible deployment models to match your risk appetite:

  1. TA3-Hosted: Containerized deployment within your firewall.
  2. Segregated US Cloud: Dedicated single-tenant environment in AWS/Azure US regions, managed by Regain but controlled by TA3 keys.

2. Personnel Access Policy

  • Default: No standing access to PHI.
  • Support Access: "Break-glass" mechanism with time-bound, audited access for specific tickets.
  • Citizenship: PHI access can be restricted to US-based personnel only, if your policy requires it.

3. Security Controls

  • RBAC: Granular role definitions mapping to hospital AD groups.
  • Audit Logging: Immutable logs of every data access, export, and AI inference.
  • Incident Response: Continuous security monitoring with defined response procedures and breach notification SLA.

4. Onboarding Checklist

  • [ ] Receive TA3 Security Questionnaire
  • [ ] Execute BAA and DUA
  • [ ] Define Network Access Control List (ACL)
  • [ ] Perform Penetration Test (if required)

Last Updated: 2026-01-20
