# HASP

> Last updated: 2026-05-06

> HASP is the compliant AI platform for regulated enterprises. Chat & documents, a developer API, an AI-powered Studio for bespoke internal apps, and an Agent SDK — all on one HIPAA-ready platform, one BAA, one signed audit chain.

## What HASP does

Regulated organizations — healthcare clinics, legal teams, financial services firms, life sciences companies — use HASP to run AI workloads that would be off-limits on general-purpose tools. Every prompt goes through HASP's PHI scanning layer before it reaches the model. Every action is logged to an Ed25519-signed, hash-chained audit trail. One BAA covers every surface. One bill.

HASP replaces the five-vendor stack that regulated teams otherwise stitch together: a HIPAA chatbot, a document tool, a developer API with DIY guardrails, an AI-powered internal-app builder, and some form of audit logging. None of those vendors covers the others' surface. HASP does all of it under the same compliance + audit layer.

## Four product surfaces

- **Assistant Chat** — HIPAA-ready conversational AI for the regulated work your team is already doing. Document upload, per-org context, every turn on the audit chain. Send PHI under your BAA, or redact it pre-model — your policy choice. Runs on BAA-covered frontier AI models.
- **Studio** — AI-powered internal app builder. Describe the workflow you need (triage, prior-auth, referrals, compliance dashboards) and HASP builds it: schema, UI, permissions, audit hooks. Publish to your team in minutes; inherit the same compliance posture as the rest of your HASP environment.
- **Public API** — Drop-in REST API compatible with leading AI provider SDKs, with HASP's identity, policy, and PHI-handling layer in front. Adds BAA coverage, per-caller audit, and pre-action tool authorization.
- **Agent SDK** — First-class agent identity with delegated authorization, OAuth 2.1 + RAR scopes, MCP-aligned tool authorization. Every agent action is gated, logged, and attributable.

## Compliance + audit layer

Every paid tier includes:

- **BAA** — One Business Associate Agreement covers every surface (chat, documents, API, Studio, Agent SDK). Signed in-app; countersigned before real PHI is allowed.
- **PHI handling** — Every prompt is scanned for HIPAA Safe Harbor identifiers inside the HASP tenant before it leaves. Healthcare-tuned recognizers cover the clinical language general detectors miss. Per-org policy decides what happens on detection: allow under BAA, redact pre-model, or block.
- **Signed audit chain** — Every user action, agent action, and tool invocation is written to a tamper-evident hash chain, signed with an Ed25519 key. Export at any time; verify on your auditor's machine.
- **Per-org data isolation** — Dedicated data isolation and object storage per organization. No shared tables, no cross-tenant query paths.
- **Direct provider integration** — HASP holds direct BAAs with every BAA-covered inference provider in the path. No intermediary AI gateway; named subcontractors are listed at /sub-processors.
- **Frameworks** — HIPAA (HITECH), GDPR, CCPA, SOC 2 Type II (in progress), HITRUST CSF (roadmap). One control set covers all.

## Pricing

**Platform plans** (four product surfaces: Assistant chat, Studio, Public API, Agent SDK):

- **Solo** — $199/month — Individual practitioners and small practices
- **Professional** — $549/month — Growing teams with shared AI workflows
- **Business** — $1,499/month — Multi-team orgs with compliance requirements
- **Enterprise** — Custom contract — Health systems, law firms, enterprise regulated orgs

**API plans** (compliant inference + agent identity for developers):

- **Developer** — $249/month
- **Growth** — $899/month
- **Scale** — $1,799/month
- **Enterprise** — Custom contract

**Free Evaluation** — 30 days OR 50,000 AI Credits OR 5,000 Agent Actions (whichever ends first). No BAA until you countersign; real PHI is prohibited during evaluation.

**Four metered axes** (usage beyond plan inclusions):

- AI Credits — inference consumption across all models
- App Operations — Studio app record reads/writes
- Storage — documents, org data
- Agent Actions — tool invocations through the agent policy gate

No per-seat fees. No per-app caps. No per-agent base charges. Compliance, identity, and audit on every paid tier.

## Who HASP is for

- **Clinical teams** — Clinics, practices, therapy groups, and care management teams that need AI for documentation, prior auth, triage, and patient communication — with a signed BAA and verifiable audit trail.
- **Health systems** — Enterprise healthcare orgs that need per-org data isolation, custom AI workflows, agentic automation, and HITRUST-aligned controls.
- **Compliance officers** — The person who has to sign off. HASP is built to produce the evidence they need: signed audit exports, redaction logs, BAA lifecycle records.
- **Developers** — Engineers building regulated AI features who want BAA-covered frontier models plus HASP's compliance layer via a drop-in API, without standing up their own PHI handling.
- **Legal and financial services** — Regulated industries outside healthcare with similar audit, access-control, and data-isolation requirements.

## Key pages

- [Homepage](https://usehasp.com/) — Product overview, value proposition, compliance posture
- [Product](https://usehasp.com/product) — All four surfaces: chat, Studio, API, Agent SDK
- [Solutions](https://usehasp.com/solutions) — By vertical (healthcare, legal, financial services) and by role (compliance officer, developer, practice manager)
- [Pricing](https://usehasp.com/pricing) — Full plan breakdown with meters and FAQ
- [Trust Center](https://usehasp.com/trust) — Compliance posture, sub-processors, data flow, audit artifacts
- [FAQ](https://usehasp.com/faq) — Common questions on security, pricing, BAA, PHI, and teams
- [Blog](https://usehasp.com/blog) — Guides for regulated teams on compliant AI
- [About](https://usehasp.com/about) — Mission and team background
- [Contact](https://usehasp.com/contact) — Sales, compliance inquiries, BAA requests, support

## How HASP differs from alternatives

- **ChatGPT / Claude.ai** — No BAA, no PHI scanning, no audit trail. Not for regulated use with real patient or client data.
- **Microsoft Copilot for Healthcare** — Enterprise-only, M365-locked, no public API or agent SDK. HASP serves solo practitioners through enterprise on the same stack.
- **Salesforce Einstein / Epic** — Vertical-specific, EHR-embedded. HASP covers the workflows those platforms don't: cross-vendor, cross-workflow, with a developer API.
- **AWS HealthLake / Google Health AI** — Infrastructure layers. HASP is the application platform on top — identity, policy, audit, PHI, BAA.
- **Generic HIPAA chatbot wrappers** — Sign a BAA and give you a prompt box. HASP adds Studio (bespoke app builder), a developer API, agent identity, and a verifiable audit chain those wrappers don't provide.

## Contact

- Website: https://usehasp.com
- App: https://app.usehasp.com
- Email: hello@usehasp.com
- LinkedIn: https://www.linkedin.com/company/usehasp
- X / Twitter: https://x.com/usehasp