Security Practices

NeuroCoder Pro is engineered from the ground up to protect patient privacy. Our architecture incorporates administrative, physical, and technical safeguards informed by industry standards, including those outlined in the Health Insurance Portability and Accountability Act (HIPAA). No Protected Health Information (PHI) is retained after processing.

Infrastructure Security

  • Encryption In Transit: All data transmitted between your browser and our servers, and between our servers and our LLM partners, is encrypted using TLS 1.3.
  • Encryption At Rest: While we do not store PHI, any user configuration or profile data in our databases is encrypted at rest using AES-256.
  • Zero Data Retention Processing: Our proprietary LLM routing infrastructure is designed as a pass-through layer. The original operative note is held only in volatile memory (RAM) during inference and is destroyed immediately upon response generation.

Business Associate Agreements (BAAs)

We understand that covered entities require a BAA before utilizing software that touches PHI. We execute standard BAAs for all customers subscribed to our Pro or Scale tiers. Please contact our enterprise sales team at support@neurocoderpro.com to initiate the execution of a BAA.

De-Identification Pipeline

Before complex coding logic is applied, your input passes through our internal PHIRedactorAgent. This agent scans for the 18 categories of identifiers outlined in the Safe Harbor de-identification standard (e.g., patient names, DOBs, medical record numbers) and strips or masks them before the text is passed to any downstream diagnostic agents.