<!-- HERO --> <section class="hero"> <div class="container"> <div class="hero-split"> <div class="hero-text"> <span class="section-label">Security & Compliance</span> <h1>Enterprise-Grade Security for Healthcare</h1> <p class="subhead">HIPAA, SOC 2, BAA. Every transaction encrypted. Every access logged. Full audit trail.</p> <p>Healthcare data requires more than security theater. ANKA processes Protected Health Information (PHI) and financial data daily. We comply with the regulations that govern it, and we go beyond compliance. Zero data breaches. 100% uptime SLA. Real-time encryption.</p> </div> <div class="hero-visual"> <img src="/mockups/hero-security.svg" alt="ANKA security and compliance certifications including HIPAA, SOC 2 Type II, BAA, and encryption standards" class="hero-visual-svg"> </div> </div> </div> </section> <!-- COMPLIANCE FRAMEWORK --> <section class="section section-white"> <div class="container"> <div class="section-header"> <span class="section-label">Certifications</span> <h2>The standards we meet (and exceed)</h2> </div> <div class="compliance-badges"> <div class="compliance-badge"> <div class="card-icon"><svg><use href="#icon-security"/></svg></div> <h3>HIPAA Compliant</h3> <p>Full compliance with the Health Insurance Portability and Accountability Act. Business Associate Agreement required before any PHI transfer. Administrative, physical, and technical safeguards in place.</p> </div> <div class="compliance-badge"> <div class="card-icon"><svg><use href="#icon-denials"/></svg></div> <h3>SOC 2 Certified</h3> <p>Type II certification. Independent third-party audit confirms our controls over security, availability, processing integrity, confidentiality, and privacy.
Audited annually.</p> </div> <div class="compliance-badge"> <div class="card-icon"><svg><use href="#icon-guarantee"/></svg></div> <h3>Business Associate Agreement</h3> <p>BAA in place before any data transfer. Specifies your obligations, our obligations, and the permitted uses and disclosures of PHI. Standard HIPAA BAA language with no exceptions.</p> </div> <div class="compliance-badge"> <div class="card-icon"><svg><use href="#icon-payer"/></svg></div> <h3>US Data Residency</h3> <p>All data stored and processed within the United States. No international transfers. No third-country servers. Complies with state-level healthcare data residency requirements.</p> </div> </div> </div> </section> <!-- DATA PROTECTION --> <section class="section section-light"> <div class="container"> <div class="section-header"> <span class="section-label">Technical Controls</span> <h2>How we protect your data</h2> </div> <div class="protection-grid"> <div class="protection-card"> <h4>Encryption in Transit</h4> <p>All data transmitted over TLS 1.2 or higher. End-to-end encryption from your system to ANKA and back. No unencrypted data on the wire.</p> </div> <div class="protection-card"> <h4>Encryption at Rest</h4> <p>All stored data encrypted using AES-256. Encryption keys stored separately from data. Hardware security modules (HSM) for key management. Regular key rotation.</p> </div> <div class="protection-card"> <h4>Access Control (RBAC)</h4> <p>Role-based access control. Every ANKA team member has minimal required access. No blanket database access. Principle of least privilege enforced at system level.</p> </div> <div class="protection-card"> <h4>Multi-Factor Authentication</h4> <p>MFA required for all user logins. Phishing-resistant authentication (FIDO2 compliant). No passwords alone. Secure credential management.</p> </div> <div class="protection-card"> <h4>Audit Logging</h4> <p>Every access, every modification, every API call logged. Immutable audit trails. 
Log retention: 12 months minimum. Logs backed up and encrypted.</p> </div> <div class="protection-card"> <h4>Vulnerability Management</h4> <p>Continuous vulnerability scanning. Annual penetration testing by third-party firm. Security patching within 24 hours of critical CVEs. Automated threat detection.</p> </div> </div> </div> </section> <!-- INTEGRATION SECURITY --> <section class="section section-white"> <div class="container"> <div class="section-header"> <span class="section-label">Integration</span> <h2>How your data enters and leaves ANKA</h2> </div> <div style="max-width:800px;margin:0 auto;"> <div class="integration-item"> <h4>Secure File Transfer Protocol (SFTP)</h4> <p>Your 835 files, denial reports, and claim data transferred via SFTP (SSH File Transfer Protocol). Encrypted end-to-end. Public key authentication. No passwords in transit.</p> </div> <div class="integration-item"> <h4>REST API Integration</h4> <p>For real-time integrations with your EHR or billing system, ANKA provides authenticated REST API endpoints. OAuth 2.0. Rate-limiting. IP whitelisting available. Every API call signed and logged.</p> </div> <div class="integration-item"> <h4>Clearinghouse Integration</h4> <p>Appeals submitted via your clearinghouse (or ours). ANKA never has direct database access to your EHR or billing system. Data flows through your existing, compliant channels.</p> </div> <div class="integration-item"> <h4>No Direct Database Access</h4> <p>ANKA never has read/write access to your EHR, billing, or claims database. All integrations are through controlled API endpoints. 
You maintain full control over your data.</p> </div> </div> </div> </section> <!-- AI & REGULATORY COMPLIANCE --> <section class="section section-light"> <div class="container"> <div class="section-header"> <span class="section-label">AI Governance</span> <h2>AI and regulatory compliance</h2> </div> <p style="font-size:1.05rem;color:var(--gray-700);line-height:1.8;max-width:750px;margin:0 auto 32px;">ANKA's AI executes denial management and underpayment recovery. This requires algorithmic transparency, audit trails, and human oversight to comply with healthcare regulations and fair lending rules (if applicable to healthcare credit decisions).</p> <div style="display:grid;grid-template-columns:repeat(2,1fr);gap:24px;max-width:900px;margin:0 auto;"> <div style="padding:24px;background:white;border-radius:8px;border-top:3px solid var(--navy);"> <h4 style="margin-top:0;color:var(--navy);">Explainability</h4> <p style="color:var(--gray-700);">Every ANKA recommendation includes reasoning: why this claim was identified as appealable, which payer rule triggered the underpayment flag, etc. Humans always decide the final action.</p> </div> <div style="padding:24px;background:white;border-radius:8px;border-top:3px solid var(--teal);"> <h4 style="margin-top:0;color:var(--teal);">Bias Monitoring</h4> <p style="color:var(--gray-700);">We monitor for algorithmic bias by provider, payer, geography, and claim type. Our training data is audited for representativeness. Disparate impact testing conducted quarterly.</p> </div> <div style="padding:24px;background:white;border-radius:8px;border-top:3px solid var(--navy);"> <h4 style="margin-top:0;color:var(--navy);">Audit Trails</h4> <p style="color:var(--gray-700);">Complete audit trail from claim intake to appeal submission. Every decision point logged. 
Your team can always see what the AI decided and why.</p> </div> <div style="padding:24px;background:white;border-radius:8px;border-top:3px solid var(--teal);"> <h4 style="margin-top:0;color:var(--teal);">Human Oversight</h4> <p style="color:var(--gray-700);">ANKA recommends. Your team verifies and approves. Appeals are submitted under your name, reviewed by your staff, signed by your designated rep. You maintain full control.</p> </div> </div> </div> </section> <!-- SECURITY INCIDENTS & TRANSPARENCY --> <section class="section section-white"> <div class="container"> <div class="section-header"> <span class="section-label">Transparency</span> <h2>Our security posture</h2> </div> <div style="max-width:700px;margin:0 auto;padding:24px;background:rgba(0,204,153,0.05);border-radius:8px;border-left:4px solid var(--teal);"> <p style="font-size:1.05rem;color:var(--gray-700);margin:0;"><strong>Data breaches since inception:</strong> Zero</p> <p style="font-size:1.05rem;color:var(--gray-700);margin:12px 0 0;"><strong>HIPAA violations:</strong> Zero</p> <p style="font-size:1.05rem;color:var(--gray-700);margin:12px 0 0;"><strong>SOC 2 audit findings:</strong> Zero critical, zero high-severity</p> <p style="font-size:1.05rem;color:var(--gray-700);margin:12px 0 0;"><strong>Uptime:</strong> 99.95% (audited monthly)</p> </div> <p style="font-size:0.95rem;color:var(--gray-600);text-align:center;margin-top:24px;">We participate in responsible disclosure. If you discover a vulnerability, please contact <a href="mailto:security@anka.ai" style="color:var(--teal);font-weight:600;">security@anka.ai</a>.</p> </div> </section> <!-- CTA --> <section class="section cta-teal"> <div class="container text-center"> <h2>Security questions?</h2> <p style="font-size:1.1rem;color:rgba(255,255,255,0.8);max-width:580px;margin:0 auto 32px;">We can provide detailed security documentation, SOC 2 reports, and BAA templates.
Let's talk about your compliance requirements.</p> <a href="/assessment/" class="btn btn-primary btn-lg btn-arrow">Start Your Complimentary Assessment</a> <p style="font-size:0.875rem;color:rgba(255,255,255,0.6);margin-top:12px;">Complimentary for qualified organizations (10+ providers).</p> </div> </section>