Cephable Inc. HIPAA Compliance Attestation Statement
Date: August 11, 2025
Prepared by: Jason Fields, COO
Organization: Cephable Inc.
🛡️ HIPAA Compliance Overview
Cephable Inc. affirms its compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), including the Privacy Rule, Security Rule, and Breach Notification Rule. Our organization has implemented and maintains administrative, technical, and physical safeguards designed to ensure the confidentiality, integrity, and availability of protected health information (PHI), even though PHI is not intentionally collected or stored by our systems.
🔍 Scope of Compliance
– Data Collection Practices:
Cephable does not intentionally collect, store, or process protected health information (PHI). Our platform is designed to operate without requiring users to input or transmit health-related data.
– Data Processing Architecture:
All machine learning and AI processes are executed locally on the client machine. No health-related data is transmitted to Cephable’s cloud infrastructure. This architecture ensures that sensitive information remains entirely within the user’s control.
– User Authentication:
The only data Cephable tracks is user authentication information (e.g., login credentials, session tokens). This data is not associated with any health-related information and is managed in accordance with HIPAA’s security standards.
– Third-Party Compliance Monitoring:
Cephable utilizes Vanta to continuously monitor and validate our HIPAA-related controls. As of [Insert Date], all applicable controls are implemented and passing, with 100% compliance status.
—
✅ Compliance Controls Summary
– Access control policies and procedures
– Encryption of authentication data in transit and at rest
– Local-only data processing for AI/ML workflows
– Regular internal audits and automated compliance tracking via Vanta
– Employee training on HIPAA principles and data handling protocols
—
📄 Attestation
Based on the above practices and controls, Cephable Inc. attests that it is operating in full compliance with HIPAA requirements. This attestation is supported by internal documentation, third-party monitoring, and a commitment to privacy-first design principles.
For any inquiries regarding this attestation or Cephable’s compliance posture, please contact:
support@cephable.com