HASP FAQ — HIPAA AI, BAA, Pricing & Security
Everything you need to know about HASP. Can't find what you're looking for? Contact us.
What HASP Is
HASP is the compliance layer for AI in regulated work — identity, policy, signed audit, multi-framework compliance posture, and HASP-owned PHI handling, all in one place. Two ways to buy: Platform (Assistant chat + Studio app builder, for teams using AI in their day-to-day workflows) and API (programmatic inference + Agent SDK, for developers building regulated AI into their own software).
Some consumer AI vendors will sign a BAA on their enterprise tiers, but a signed BAA is the floor, not the ceiling. None of them scan prompts for PHI before the model sees it, none produce a tamper-evident record of what was asked and answered, and the BAA-eligible tier is usually a separate SKU with chat history, file retention, and training behavior that have to be configured correctly by you. HASP signs a BAA up front, scans every prompt for PHI before it leaves your tenant against a policy you control, logs every request and response to a hash-chained, Ed25519-signed audit trail you can independently verify, and applies the same controls across chat, Studio, API, and Agent SDK under one contract.
Most HIPAA AI vendors are chat wrappers — a BAA and a prompt box. HASP owns the whole stack: PHI handling is built and operated by HASP (not delegated to a third-party gateway), agent identity is a first-class layer (not bolted on), the audit chain is cryptographically signed and independently verifiable, and four product surfaces (chat, Studio, API, Agent SDK) ride on the same platform under the same BAA. Direct integration with BAA-covered inference providers under HASP-direct BAAs. Comparing options yourself? Our 20-point HIPAA AI vendor checklist turns "are you HIPAA compliant?" into questions with verifiable answers.
Any team that needs modern AI and has to prove how regulated data was handled — from solo practitioners and small clinics through mid-market groups, hospital systems, law firms, financial-services organizations, and tier-1 enterprises. One platform, one BAA, one audit chain, scaled from a single user to thousands. If you answer to HIPAA, GDPR, CCPA, HITRUST, SOC 2, or similar frameworks, HASP is built for you.
Trust & Frameworks
SOC 2 Type II, HITRUST CSF, and HIPAA are inherited from our underlying compliance-hosting infrastructure — not aspirations on a roadmap. GDPR and CCPA/CPRA are covered at the platform layer. Reports, attestation letters, and the audit boundary are available under NDA.
Yes. The SOC 2 Type II report and bridge letter are available under a mutual NDA. Request it during security review and we'll share it once the NDA is in place. The HITRUST attestation and our HIPAA control matrix follow the same NDA-gated process.
Third-party penetration testing is part of the SOC 2 control set we operate under and is on the security roadmap, with a targeted scope on the AI Gateway and PHI-scanning pipeline. Once a test has been completed, the summary, scope, and remediation status are made available under NDA during security review. Reach out via the Trust Center for current status.
Yes — at the Trust Center. The register lists every downstream processor (infrastructure host, inference provider, PHI scanner, observability, billing) and the data category each one handles. Sub-processor changes carry a 30-day advance-notice obligation under the DPA so you can object before any change takes effect.
Yes. Security-load-bearing cryptographic operations performed inside the platform — outbound TLS handshakes, application-layer encryption (AES-256-GCM), audit-chain hashing and security-relevant token hashes (SHA-256), and audit export signing (Ed25519) — are performed inside the FIPS 140-3 validated OpenSSL FIPS Provider 3.1.2, NIST CMVP certificate #4985, Level 1, Active through March 2030. Password hashing (PBKDF2-HMAC-SHA-256) is configured to run inside the validated module as well, though the platform doesn't currently store user passwords (auth is OAuth, magic link, or SSO). Operational fingerprints (cache keys, idempotency keys) and webhook HMAC verification use FIPS-approved algorithms but a runtime hashing path outside the validated module, and are explicitly out of scope of this claim. Inbound user-facing TLS is terminated at the edge by a separately-validated module. HASP does not claim FedRAMP, CJIS, or environment-level FIPS validation — those require a separately-validated hosting environment.
The cryptographic-module question on a DEA EPCS audit (21 CFR 1311.115) is the easy one to pass on HASP — reference NIST CMVP certificate #4985 in your audit submission and you have a validated module on the NIST list. FIPS 140-3 supersedes and satisfies the FIPS 140-2 Level 1 reference in the regulation. Your full DEA audit covers your application, your processes, your registrants, and more — HASP's claim is bounded to the cryptographic-module question. Details are at the Trust Center under Cryptographic modules.
Security Review & Procurement
Yes. We respond to SIG (full and Lite), CAIQ, HECVAT, and customer-specific questionnaires during security review. Our public Security and Trust Center pages — including the data-flow overview — let reviewers pre-screen us before sending a custom questionnaire.
Sign-in coverage depends on the tier. Google and Microsoft OIDC sign-in are available on every tier including Free Evaluation — anyone with a Workspace or Entra account can log in without configuring anything. SAML SSO (works with any SAML 2.0 IdP — Okta, Entra ID, Ping, OneLogin, Auth0, etc.) and SCIM 2.0 group sync are available on Business and Enterprise. SAML SSO can be enforced; once on, all other sign-in methods are disabled for your org.
Yes. Organizations can pin an allowlist of model IDs at the org level — useful for cost control, internal policy, or audit consistency. The allowlist is enforced at the AI Gateway, so it can't be bypassed by a developer hitting the API directly. Every model HASP exposes is covered by the BAA.
Yes, on Enterprise. US data residency is the default. Additional regions are available — contact us to discuss your requirements.
Confirmed breach notification to affected customers within the timelines required by HIPAA (no later than 60 days from discovery; faster in practice), GDPR Article 33 (72 hours to the supervisory authority), and CCPA. Customer-impacting incidents that don't rise to a breach are reported on the status page and via email to security contacts promptly upon confirmation.
HIPAA & BAA
Yes. HASP is HIPAA compliant from day one — that's an operating condition, not a marketing phrase. We implement the HIPAA Security Rule (§164.302–§164.318), Privacy Rule (§164.502–§164.514), and Breach Notification Rule (§164.400–§164.414) controls that apply to a business associate handling PHI on behalf of covered entities. HHS does not issue HIPAA certificates; compliance is self-asserted and audit-defensible. Our entire compliance control surface — BAA lifecycle, PHI scanning, hash-chained audit trail, breach workflow, sub-processor register — exists to satisfy that obligation set.
Yes — a BAA is included on every paid plan, and you can countersign in-app. There's no procurement back-and-forth and no legal review cycle to start. The BAA is sourced from HHS provisions and posted to our Trust Center. HASP also holds BAAs directly with its inference providers, so one agreement covers the whole path your PHI takes — see what BAA-included AI covers. Until the BAA is countersigned, you can evaluate every surface (chat, documents, API, internal apps) using non-PHI data only.
HASP integrates directly with BAA-covered inference providers under HASP-direct BAAs — no third-party AI gateway in the path. Each provider is a subcontractor business associate; the sub-processor register lists each one with their data scope. Every inference request passes through HASP's own pipeline: BAA verification, PHI scan and redact, provider routing, and a signed audit entry. Org admins can pin allowed providers and models at the org level on every plan. Sub-processor changes carry a 30-day advance-notice obligation under the DPA.
No. A signed BAA is required to use HASP with PHI, and PHI handling is the core of what HASP does. Every account starts with a free evaluation — the full product on non-regulated data — but that's a time-limited sandbox to let you verify the product before signing, not a BAA-free operating mode. PHI submission unlocks once the BAA is countersigned in-app.
Our hosting infrastructure carries SOC 2 Type II — the compute, database, and network layers where your data lives. A platform-level SOC 2 engagement is on the roadmap. If you need it for a specific procurement, contact us to discuss timing and scope.
HASP is compliant with HIPAA, GDPR, CCPA/CPRA, and PIPEDA — not HIPAA-only. Inherited mechanisms include Article 17 erasure, Article 20 portability, Article 30 sub-processor records, and CPRA-compliant role boundaries for automated decision-making. PIPEDA's ten fair-information principles are satisfied by the same control set, with cross-border transfer accountability discharged through contractual clauses in our DPA. We're also built to satisfy Canada's forthcoming CPPA (Bill C-27) when it comes into force — the same control set covers it. EU data residency is available for Enterprise engagements; full data sovereignty supported on request.
PHI Handling
Every chat turn, uploaded text, and tool definition passes through HASP's PHI detection pipeline inside your environment — built and operated by HASP, not rented from a third-party gateway. Healthcare-specific recognizers cover the HIPAA Safe Harbor identifiers plus the clinical language general-purpose detectors miss. What happens on detection is your call: allow PHI through under your BAA (it's still your data, your decision), redact pre-model with re-identification in the response, or block outright. Every detection and the action taken lands on your signed audit chain.
Your org's PHI policy decides. Allow lets PHI flow through to the model under your BAA with full audit logging — the most common choice when the model needs identifiers to do the work. Redact replaces detected identifiers with placeholders before the prompt leaves your environment, then re-identifies on the way back. Block rejects the prompt and shows the user which categories fired. Whichever you pick, every detection event is logged to your audit trail with the categories, the action taken, and the user who initiated the request.
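The allow/redact/block policy just described, as an added example in Go that is not HASP's code: a small scan gate with three constructed regex recognizers (SSN, phone, MRN) standing in for HASP's healthcare-specific detectors, placeholder redaction before the prompt leaves, category reporting for block, and re-identification of the model response. The recognizers, placeholder format and struct names are assumptions for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

type Action int // org-level PHI policy from the FAQ: allow, redact or block

const (
	Allow Action = iota
	Redact
	Block
)

// recognizer pairs a Safe Harbor category with a pattern. These three are a
// constructed stand-in for HASP's healthcare-specific recognizers, not a copy.
type recognizer struct {
	Category string
	Pattern  *regexp.Regexp
}

var recognizers = []recognizer{
	{"SSN", regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`)},
	{"PHONE", regexp.MustCompile(`\b\d{3}-\d{3}-\d{4}\b`)},
	{"MRN", regexp.MustCompile(`\bMRN[- ]?\d{6,}\b`)},
}

// ScanResult: text allowed to leave the tenant (empty when blocked), the
// categories that fired (shown to a blocked user, logged to the audit chain),
// and the map needed to re-identify the response in redact mode.
type ScanResult struct {
	Outbound   string
	Categories []string
	Blocked    bool
	mapping    map[string]string // placeholder -> original, redact mode only
}

// Scan runs every recognizer over the prompt and applies the org policy.
func Scan(prompt string, policy Action) ScanResult {
	res := ScanResult{mapping: map[string]string{}}
	redacted := prompt
	for _, r := range recognizers {
		matches := r.Pattern.FindAllString(redacted, -1)
		if len(matches) == 0 {
			continue
		}
		res.Categories = append(res.Categories, r.Category)
		for i, m := range matches {
			ph := fmt.Sprintf("[%s_%d]", r.Category, i+1)
			res.mapping[ph] = m
			redacted = strings.ReplaceAll(redacted, m, ph)
		}
	}
	switch {
	case len(res.Categories) == 0 || policy == Allow:
		res.Outbound = prompt // nothing fired, or the org accepts PHI under its BAA
		res.mapping = map[string]string{}
	case policy == Redact:
		res.Outbound = redacted
	default: // Block: nothing leaves; the caller shows res.Categories to the user
		res.Blocked = true
	}
	return res
}

// Reidentify restores original identifiers in a model response so the user
// sees real values although the provider only ever saw placeholders.
func Reidentify(response string, res ScanResult) string {
	pairs := make([]string, 0, 2*len(res.mapping))
	for ph, orig := range res.mapping {
		pairs = append(pairs, ph, orig)
	}
	return strings.NewReplacer(pairs...).Replace(response)
}

func main() {
	res := Scan("Visit summary for MRN 00123456, SSN 123-45-6789, callback 555-123-4567.", Redact) // constructed prompt
	fmt.Println(res.Outbound, res.Categories) // Visit summary for [MRN_1], SSN [SSN_1], callback [PHONE_1]. [SSN PHONE MRN]
	fmt.Println(Reidentify("Callback logged for [PHONE_1]; chart [MRN_1] updated.", res))
}
```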
HASP runs on HIPAA-eligible managed compliance hosting (compute, database, network) on dedicated cloud infrastructure. Solo, Professional, and Business orgs share a logical multi-tenant data plane with row-level isolation by org. Enterprise orgs get a dedicated per-org data plane — no shared infrastructure — for stricter physical isolation, custom data residency, and longer audit retention.
HASP does not train any model on customer data, period. Our BAAs with inference providers prohibit training on commercial API traffic. Your conversations, documents, and prompts are not used to improve any model — ours or any provider's.
Audit & Verification
Every action in the system — chat turn, API call, document upload, RAG retrieval, internal-app event, BAA lifecycle event, PHI detection, admin action — is recorded as an immutable entry in a hash-chained log. Each entry references the cryptographic hash of the previous entry, so any tampering with a past entry breaks the chain at that point and every entry after it. Entries are signed with an Ed25519 key held by HASP; the public key is published so customers and auditors can verify signatures independently.
Yes. The audit-export format is plain JSON plus an Ed25519 public key and a verification recipe. An auditor can clone the export to their own machine, run the verification script, and confirm both the hash chain and the signature without any HASP software. Most HIPAA AI vendors claim 'audit logs.' HASP gives you a record an auditor can independently verify — without calling us, without special software, without trust.
It's a standard for getting an authoritative third-party timestamp on a piece of data. HASP anchors audit-chain checkpoints to an external Time Stamping Authority so the dates on your records aren't just 'whenever our server clock said it was.' If a regulator or auditor questions when an event happened, the answer is signed by an independent third party.
Seven years on every paid tier — Solo through Business. Enterprise can extend beyond that on a custom contract. Logs are partitioned monthly for export performance; the chain remains continuous across partitions and verification covers the full retention window.
Yes. Download the sample audit export and follow the verification guide — six steps covering hash chain, Ed25519 signatures, and TSA timestamp anchors.
Chain integrity is checked on every export. If a break is detected, the export surfaces the seq number where the break occurred and the partition it lives in. We notify customers promptly upon confirmation per the incident response process documented at the Trust Center.
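The chain check described in this section (hash chaining, independent Ed25519 verification, and the break reported at a seq number), as an added example in Go that is not HASP's code and does not reproduce its export format. It assumes an entry shape of seq, prev_hash, payload, hash and signature, a SHA-256 entry hash over seq|prev_hash|payload, an all-zero genesis hash, and a signature over the hex hash; the real recipe is in HASP's verification guide.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is an assumed shape for one audit-export record; the real HASP export
// follows its verification guide. It carries the fields the FAQ describes.
type Entry struct {
	Seq       int    `json:"seq"`
	PrevHash  string `json:"prev_hash"`
	Payload   string `json:"payload"`
	Hash      string `json:"hash"`
	Signature string `json:"signature"` // hex Ed25519 signature over Hash
}

// genesisHash is the prev_hash of the first entry (assumed: 32 zero bytes).
var genesisHash = hex.EncodeToString(make([]byte, sha256.Size))

// entryHash binds an entry to its predecessor: seq, the previous entry's hash
// and the payload are hashed together with SHA-256.
func entryHash(seq int, prevHash, payload string) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d|%s|%s", seq, prevHash, payload)))
	return hex.EncodeToString(sum[:])
}

// VerifyExport walks the chain in order. For each entry it checks that seq is
// contiguous, prev_hash equals the previous hash, the stored hash recomputes,
// and the Ed25519 signature verifies under the published key. It returns -1
// for an intact chain, otherwise the seq of the first failing entry.
func VerifyExport(entries []Entry, pub ed25519.PublicKey) (int, error) {
	prev := genesisHash
	for i, e := range entries {
		if e.Seq != i+1 {
			return e.Seq, fmt.Errorf("seq %d out of order (expected %d)", e.Seq, i+1)
		}
		if e.PrevHash != prev {
			return e.Seq, fmt.Errorf("seq %d: prev_hash does not match seq %d", e.Seq, e.Seq-1)
		}
		if entryHash(e.Seq, e.PrevHash, e.Payload) != e.Hash {
			return e.Seq, fmt.Errorf("seq %d: stored hash does not recompute", e.Seq)
		}
		sig, err := hex.DecodeString(e.Signature)
		if err != nil || !ed25519.Verify(pub, []byte(e.Hash), sig) {
			return e.Seq, fmt.Errorf("seq %d: signature does not verify", e.Seq)
		}
		prev = e.Hash
	}
	return -1, nil
}

// BuildSampleExport constructs a signed chain in-process so the verifier can be
// exercised offline. A real export ships only the public key; the private key
// here exists solely to produce the constructed sample.
func BuildSampleExport(payloads []string) ([]Entry, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // error only if the OS RNG fails
	entries := make([]Entry, 0, len(payloads))
	prev := genesisHash
	for i, p := range payloads {
		e := Entry{Seq: i + 1, PrevHash: prev, Payload: p}
		e.Hash = entryHash(e.Seq, e.PrevHash, e.Payload)
		e.Signature = hex.EncodeToString(ed25519.Sign(priv, []byte(e.Hash)))
		entries = append(entries, e)
		prev = e.Hash
	}
	return entries, pub
}

func main() {
	entries, pub := BuildSampleExport([]string{`{"event":"chat_turn"}`, `{"event":"phi_detection","action":"redact"}`})
	fmt.Println(VerifyExport(entries, pub)) // -1 <nil>
	entries[1].Payload = `{"event":"phi_detection","action":"allow"}` // rewrite a past entry
	fmt.Println(VerifyExport(entries, pub)) // 2 seq 2: stored hash does not recompute
}
```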
Yes — multiple ways, on every tier including Free Evaluation. The Ed25519-signed audit export (verifiable on your own machine, no HASP software required) and the public verification API are universal. CSV downloads from the admin UI are included on Business and Enterprise. The audit-export API endpoint is available on the API plan for scheduling daily or hourly exports to your own cold storage. You're never locked in to retrieving logs through our admin UI.
Product Surfaces
Four product surfaces, two buying motions.
Platform — for teams using AI in their day-to-day work:
- Assistant — chat UI with document analysis and per-org RAG
- AI Studio — describe an internal app and watch the AI build it; publish purpose-built browser tools to your team
API — for developers building regulated AI into their own software:
- Public REST API — drop-in inference plus HASP-native workflow endpoints
- Agent SDK — first-class agent identity with scoped, time-bound, revocable credentials
Yes — change the base URL and API key, and existing code keeps working. HASP also offers higher-level workflow endpoints where PHI controls and prompt templates are enforced server-side. Full API reference is in the developer docs.
Any browser-based tool: intake forms, care-coordination dashboards, prior-auth workflows, audit-prep checklists, referral trackers, matter-intake tools, compliance reporting dashboards. Build apps directly in Studio — describe what you need and iterate with AI — and your team gets an authenticated URL on your tenant. Internal apps live under the same BAA, the same audit trail, and the same access controls as the AI surfaces.
Yes. The compliance floor is included whether you ever touch PHI or not. Plenty of teams use HASP for non-PHI work — internal calculators, sales tools, ops dashboards — and value the audit trail anyway. The same PHI scanning and signed audit chain apply across regulated frameworks (HIPAA, GDPR, CCPA), so legal teams, financial-services teams, and other regulated industries get the same guarantees.
Pricing & Evaluation
Yes — the Free Evaluation. It's the full product on non-PHI data, including the signed, hash-chained audit trail and the Agent SDK. It's triple-bound by time, AI Credits, and Agent Actions — see the pricing page for current limits. Evaluation stays free: payment info verifies your identity and reduces fraud, and you won't be charged unless you upgrade to a paid plan. Real PHI is permitted only after you countersign the BAA in-app.
HASP has two plan ladders — Platform (for teams that want the full surface bundle) and API (for developers integrating directly). Both offer several tiers with increasing included allotments, plus an Enterprise contract tier. Variable consumption bills against four meters: AI Credits (inference), App Operations (data API), Storage, and Agent Actions. Annual billing saves 15%. See the pricing page for current tier prices, included allotments, and overage rates.
An Agent Action is a single tool invocation by an agent — an AI acting under delegated human authority — that passes HASP's pre-action authorization gate. The meter captures what HASP adds on each tool call: scope evaluation, an entry in the signed audit chain, delegation tracking, and integrity-chain compute. Pure-inference customers (no agent identity) never see an Agent Action charge. The rule of thumb: thinking is metered everywhere AI runs (AI Credits); doing is metered only when an agent invokes a tool (Agent Actions).
No, no, and no. Active-user counts are capacity guidance, not invoiced. You can publish unlimited apps on any tier — costs only accrue when apps are used (App Operations + Storage meters). And agent existence is free — only authorized doing (Agent Actions) is metered.
The full compliance floor. Compliance posture (HIPAA + HITRUST + SOC 2 + GDPR + CCPA + PIPEDA/CPPA satisfied by one control set), HASP-owned PHI handling, signed audit chain (Ed25519 + RFC 3161 anchoring), agent identity layer, and direct integration with BAA-covered inference providers under HASP-direct BAAs — on every paid tier of both the Platform and API ladders. Within each ladder, every tier gets every surface for that buying motion: Platform tiers get Assistant chat + Studio; API tiers get Public API + Agent SDK. Tier differentiation is operational — seat counts, storage and usage allotments, governance analytics, and dedicated data plane at Enterprise — never compliance-gated.
Yes. Upgrades take effect immediately between Solo / Professional / Business — prorated against your current billing period, no waiting. Downgrades take effect at your next renewal date (no proration) — you keep your current tier's features until then. Upgrades to Enterprise that need a dedicated data plane provision asynchronously: you keep operating on your prior tier until the new plane is ready. Enterprise → lower tier is sales-mediated because the data-plane migration has to be scheduled.
Major credit cards for self-serve. Invoice billing with NET-30 terms is available on annual contracts and enterprise tiers. Every charge generates a downloadable PDF invoice in your billing portal.
Security & Architecture
Solo, Professional, and Business orgs share a multi-tenant data plane on HASP's HIPAA-eligible managed compliance hosting (dedicated cloud infrastructure) with row-level isolation by org. Enterprise orgs run on a dedicated per-org data plane — their own database, their own vector index, their own file storage. Across all tiers, the gateway, audit chain, and PHI handling pipeline enforce org-level isolation regardless of physical layout.
Yes — at multiple levels. Google and Microsoft OIDC sign-in are available on every tier including Free Evaluation. SAML SSO (Microsoft Entra ID, Okta, Google Workspace, or any other SAML 2.0 provider) is available on Business and Enterprise. SAML SSO can be enforced — once turned on, all other sign-in methods are disabled for your organization.
Yes, on Business and Enterprise. Point your domain at HASP and your team accesses the AI surfaces and published internal apps under your own URL.
You get a 30-day offboarding window before any org-wide deletion cascade. During that window, you can export everything — conversations, documents, audit logs, internal-app data — in machine-readable form. After 30 days, all PHI is deleted from primary storage; backups follow the documented retention curve and are excluded from any further restore operations.
Assistant
All supported models are covered by the BAA — see the full model catalog for the current list, credit multipliers, and default-on vs admin-opt-in status. Higher-tier models are OFF by default at every tier; admins opt-in per org. Token allotments are denominated in standard-model-equivalent units, with lighter models consuming less and higher-tier models consuming more.
PDF, DOCX, plain text, Markdown, and most code formats. Two upload modes: inline context — documents are passed directly to the model in the conversation (best when you want the model to reason over specific files right now); knowledge base — documents are chunked, embedded into your per-org vector index, and retrieved on demand across future conversations (best for building a persistent, searchable library your team keeps adding to). PHI scanning runs on extracted text in both modes before anything leaves your tenant.
Per-tenant, encrypted at rest and in transit, isolated from other organizations. Solo, Professional, and Business orgs share a multi-tenant data plane with row-level isolation; Enterprise orgs get a dedicated per-org data plane with no shared cluster. Admins can export or delete history via the admin UI; the deletion event itself is logged to the audit chain.
Yes, on every tier. HASP includes governed web retrieval — the AI can search the web and fetch page content when it needs current or external information. Two independent PHI scans protect every search query before it leaves HASP: one on the full conversation context before inference, and a second on the exact query string the model constructs — catching any PHI the model might assemble into a tool argument even after the first scan ran. PHI never reaches web search providers. Retrieval results are injected into the model's context and cited in responses; citations persist with the conversation so you can verify sources after the fact. Org admins can disable web search entirely if they prefer the model to draw only from their own knowledge base.
Web search uses 5 credits per search and web fetch uses 2 credits, plus normal credit usage for the content retrieved and added to context. A typical search costs around 6–10 credits total — a small fraction of any plan's included allotment.
AI Studio
No. Describe what you need in plain language — intake form, prior-auth tracker, patient dashboard — and Studio builds it. You can iterate by describing changes the same way.
Common shapes: intake forms, internal dashboards, prior-auth workflows, audit-prep checklists, referral trackers, client portals, compliance-reporting dashboards. Apps read and write your HASP data and can call out to your own services.
Studio uses the same AI credit pool as your other AI surfaces. The builder shows your remaining balance in real time. When monthly credits run out, usage continues at your tier's published overage rate — no interruption — unless you've configured a spend cap to hard-stop at a specific limit.
Public API
Per-org RPM at the Gateway, scaling with your plan tier. Enterprise limits are custom. Rate-limit events come back as 429 with a Retry-After header; the event itself is logged. Current limits per tier are on the pricing page.
On /v1/messages, response shape and field names are response-compatible with the leading AI provider APIs. We add meta.usage and meta.billing fields for observability — these are additive, not breaking.
90-day deprecation notice, then 410 MODEL_RETIRED. New model IDs surface in the docs and in the admin model-allowlist UI before deprecation lands.
Yes — that's the API-first plans (Starter through Scale). They include the admin UI for keys, usage, audit-export, billing, and BAA status, but no Assistant chat UI or Studio app-builder. Platform plans bundle all of those.
Agent SDK
HASP's A2A endpoint implements the Agent-to-Agent protocol, allowing external agents to discover HASP's tool surface, request delegated authorization (via OAuth 2.1 + RAR), and invoke tools through the policy gate. The protocol is MCP-compatible — existing MCP clients can connect without modification.
Each time an agent hands work to another agent, that's one link in a delegation chain. HASP caps chains at 10 links on all paid plans (3 on Free Evaluation). The cap is a safety rail against runaway loops, not a pricing lever — Enterprise customers with a legitimate need for deeper chains can raise it by contract. The gateway blocks the call if a chain would exceed the limit.
Yes. External agents connect via the A2A endpoint or the Agent SDK client library. You don't need to use Studio at all — the Agent SDK is a standalone way to build on HASP.
No. A2A only changes how an agent proves who it is. Once authenticated, the request runs through the same PHI handling and permission checks as a request from a person or an app — same rules, same audit record.
Outside agents connect directly. A LangChain agent running in your environment, a partner's orchestrator, or an MCP client all use the same permission and audit system as anything you build inside HASP.
Support
Email by topic, or use the contact form:
- Product questions and bug reports — [email protected]
- BAA, sub-processor, security review, or compliance — [email protected]
- Security incidents, vulnerability reports, pen-test results — [email protected] (responsible-disclosure inbound, not triaged through general support)
- Sales, pricing, or procurement — [email protected]
- General questions or anything else — [email protected]
Yes. The Trust Center publishes our sub-processor register, data-flow inventory, signed audit-export sample, and BAA. The DPA is available on request — email [email protected]. For active customers, signed audit exports are downloadable on demand. We also complete vendor-security questionnaires (SIG, CAIQ, custom) on request.
Still have questions?
Talk to us about your stack, your compliance requirements, and your timeline. We'll help you figure out whether HASP fits — and if it does, the fastest path to a signed BAA and a working evaluation.