How does Burna AI handle patient data?
PHI is encrypted at rest and in transit; access is role-scoped and organisation-isolated; PHI never appears in logs or AI training pipelines. Patient data flows from the customer's EHR through SMART on FHIR, is processed inside Burna AI's HIPAA-compliant, SOC 2 certified infrastructure, and is retained per the customer's data retention policy. Burna AI signs Business Associate Agreements with every customer who is a Covered Entity or Business Associate under HIPAA.