Live in under 5 minutes
No compliance consultant, no months of legal review. Install, embed, collect PHI.
Add <script> tag + data-haas-form divPatient submits in embed.hipaacompliant.io iframeReceive record_id via postMessage — never PHInpm install @haas/sdk for vault + webhook accessSDKs for every stack
React
@haas/reactNode.js
@haas/sdkPython
haas-sdkGo
github.com/haas-dev/goRuby
haas-rubyPHP
haas/haas-phpEverything you need to ship
Sandbox Mode
Full production parity sandbox. Fake PHI, real flow. No risk to real patient data.
Webhooks
Async events for form completions, PHI access, audits. HMAC-signed. Retry with backoff.
HIPAA by default
Every API call logs who accessed what and why. Immutable. No config needed.
Sub-100ms latency
Global edge network. PHI retrieval p99 under 80ms. No cold starts on your critical path.
API Key + OAuth
API keys for server, OAuth PKCE for browser. Scoped access, key rotation, IP allowlists.
Immutable audit logs
Every read, write, and delete logged. HMAC-SHA256 signed. Retained indefinitely (HIPAA requires 6 years minimum). Exportable to SIEM.