HIPAA-aligned
BAA-ready
We sign a Business Associate Agreement with every pharmacy. Protected health information is encrypted at rest and in transit. Access is role-based, so staff see only what their role requires.
Security & compliance
Security you can hand to an auditor.
CompRX is HIPAA-aligned, built to EPCS standards, and SOC 2 in progress. Here is exactly where we stand — stated plainly, with no credential claimed before it's earned.
EPCS-ready architecture
Certification in progress
CompRX is built to EPCS standards, with Drummond certification in progress. We do not claim EPCS certification, and we won't until Drummond confirms it. When it's complete, you'll hear it from us directly.
SOC 2, underway
Type II audit in progress
Our SOC 2 audit is in progress, with quarterly reviews planned. We'll link the status page and report here the moment they're available.
Data handling
Where your data lives.
Pharmacy and patient data is stored in the United States. We do not sell data, ever. Voice processing for protected information runs on-device wherever possible.
Human-in-the-loop
The agent assists. The pharmacist decides.
CompRX agents draft and route work. Final clinical and dispensing decisions are made by your licensed pharmacists. A human checkpoint is required at every clinical stage.