Trust & Security

🔒 AWS BAA Active

☁ AWS Bedrock (HIPAA)

🛡 End-to-End Encrypted

🇺🇸 Hosted in N. Virginia (AWS us-east-1)

Built on AWS Bedrock. HIPAA from the ground up.

Our HIPAA compliance isn't bolted on after the fact. It's the architectural foundation that every other decision is built on top of.

Scripta runs on AWS Bedrock, Amazon's HIPAA-eligible managed AI service, with an active Business Associate Agreement on file. All AI inference happens within the BAA boundary. Data is encrypted in transit and at rest. No patient data is persisted after processing. We chose AWS Bedrock specifically because it provides HIPAA-eligible access to frontier AI models without requiring us to manage model infrastructure or compromise on compliance.

Your patient data stays in your pharmacy

Scripta is designed so patient identifiers never leave your pharmacy's computer. Only clinical fields — drug, sig, quantity, dates — are sent to our server. Names, dates of birth, and addresses stay on your machine.

What Scripta Receives

Clinical fields only — the minimum needed to process a prescription:

Drug name and strength
Sig / directions
Quantity prescribed
Prescriber name and NPI
Date written and refill information

What Scripta Does NOT Receive

Patient identifiers are stripped locally before any data leaves your machine:

Patient name
Date of birth
Address
Medical record number (MRN)
Insurance information
Prescriber identifiers beyond NPI

Your Pharmacy

Patient data stays here

Reads PMS screen locally
Strips all patient identifiers
Sends only clinical fields
Pharmacist verifies all output

→

Clinical
fields only
(no PHI)

AWS — HIPAA BAA Covered

All processing stays inside AWS

Scripta Server

AWS App Runner · No data persisted

Applies your pharmacy's rules
Processes via AWS Bedrock
Returns structured result
No data stored after response

→

Internal
AWS call

AWS Bedrock

Frontier AI Inference

AI model processes request
Encrypted end-to-end
No data persisted after call
Active BAA on file

Authentication and access control

Every pharmacy gets isolated credentials. No shared secrets, no shared infrastructure.

🔑

Per-Pharmacy API Keys

Each pharmacy receives unique API credentials. Keys are rotatable, revocable, and scoped to that pharmacy's data only.

🛡

Least-Privilege IAM

AWS IAM policies follow the principle of least privilege. Each service component can only access the resources it needs to function — nothing more.

🔒

No Shared Secrets

Credentials are never shared between pharmacies, environments, or team members. Secrets are managed through AWS Secrets Manager with automatic rotation.

Audit and logging

Every prescription Scripta touches produces a self-contained audit record — one record per Rx, designed so a compliance reviewer can see exactly what happened without any specialized tools.

What Every Audit Record Contains

Each record captures the full story of one prescription:

Every action the bot took — what it read, what it typed, and what it flagged
Every field boundary it enforced — which data was sent to the server and which stayed on your machine
The final verdict — pass or fail, with the reasons

What Is Never Recorded

Patient identifiers are automatically redacted at write time — not after the fact, but before the record is created:

Patient name
Date of birth
Address
Medical record number (MRN)
Insurance information
Prescriber last name

If a PHI field is present, it is replaced with a redacted placeholder so auditors can confirm the field existed without ever seeing the value.

📑

One Record Per Rx

Every prescription gets its own self-contained audit record — readable without specialized tools. Your compliance team can review any Rx in seconds.

🔍

Searchable History

Find any audit record quickly. Search by date range, drug, or outcome. Aggregate stats show clean vs. flagged fills at a glance.

🛡

Server Boundary Proof

Every record documents exactly which data crossed the network and which stayed local — a provable record that PHI never left your pharmacy.

📨

Flag Digests

Get a summary of every error Scripta caught — hourly, daily, or on your own schedule. Delivered to Microsoft Teams, Discord, email, or wherever your team already communicates. No extra logins, no dashboards to check.

Incident response

We plan for the worst so our pharmacy partners don't have to. Clear timelines, no ambiguity.

Detection

Automated. Continuous monitoring via CloudWatch detects anomalies, errors, and potential security events in real time.

Containment

<1 hour. Affected services are isolated immediately. Pharmacy operations continue uninterrupted — Scripta can be disabled instantly with no side effects.

Notification

<24 hours. Affected pharmacy partners are notified with a clear description of the incident, its scope, and any actions required on their end.

Investigation

<72 hours. Root cause analysis begins immediately. Preliminary findings are shared with affected partners within three business days.

Resolution

<7 days. Remediation is implemented, verified, and documented. A final incident report is provided to all affected partners.

Sub-processors

A complete list of third parties that process data on behalf of Scripta Health.

Provider	Purpose	Data Access
Amazon Web Services (AWS)	Cloud hosting, AWS Bedrock (AI inference), CloudWatch (monitoring)	Clinical fields only — encrypted in transit and at rest, BAA active
AI model inference (via AWS Bedrock)	Frontier AI models for prescription processing, accessed exclusively through AWS Bedrock's managed interface	Clinical fields only — accessed within the AWS Bedrock BAA boundary, no data persisted after processing
GitHub	Source code management	Source code only — no customer data, no clinical data, no PHI