Built for healthcare operations from day one.
If a platform is going to sit this close to clinic operations, it has to earn trust in the details.
A trust page should show product evidence, not only security claims.
How we protect your data
Security built into the architecture
HIPAA-Compliant Infrastructure
Designed around healthcare compliance requirements from the architecture level. Encryption at rest and in transit. No PHI in logs. Minimum-necessary access patterns.
Audit Logging
Every significant action is recorded with full context. SHA-256 hash-chained audit events for tamper-evident history. Exportable for compliance review.
Role-Based Access Control
Fine-grained permissions tied to clinical and operational roles. BCBAs, RBTs, admins, and owners each see exactly what they need.
Data Protection
Clinical and operational data secured with AES-256 encryption. PHI tokenization layer. Parent portal access via time-limited, scope-restricted tokens.
Our commitment
HIPAA compliance as a foundation, not a feature.
LenzABA is HIPAA-compliant across administrative, physical, and technical safeguards. We maintain a Business Associate Agreement (BAA) with every customer.
- BAA available for every customer
- SOC 2 in progress
- Regular penetration testing
- Incident response plan
Security proof
Security claims should come with product evidence.
Questions about security?
We are happy to walk through our security architecture, review the BAA, or answer compliance questions your legal or IT team may have.