
Advanced security for the most sensitive data in healthcare.

Labrynix is HIPAA compliant, GDPR compliant, SOC 2 Type II attested, and ISO 27001 certified — protecting genetic and molecular laboratory data with defense-in-depth: AES-256 encryption, TLS 1.2+, multi-factor authentication, role-based access, immutable audit logs, secure delivery, and continuous monitoring, so labs keep full control, visibility, and accountability.


Protection built in layer by layer.

Genetic and molecular labs handle some of the most sensitive data in healthcare. Labrynix is engineered to protect it at every layer — with access controls, encryption, auditability, and secure delivery — so you control who sees what, track what happened, and keep accountability across the entire workflow.

  • Sensitive genetic, clinical, and laboratory data
  • Provider, patient, partner, and administrative access
  • Report review, approval, edit, and delivery events
  • Account structures, roles, and permissions
  • Data access, retention, and operational traceability

HIPAA. GDPR. SOC 2. ISO 27001.

Labrynix meets the security and privacy expectations of modern healthcare — independently attested and certified — and partners with your lab on the agreements and documentation your compliance program needs.

HIPAA · GDPR · SOC 2 Type II · ISO/IEC 27001

HIPAA Compliant

Protected Health Information

Labrynix is built to meet HIPAA requirements for protected health information (PHI), with technical and administrative safeguards across every PHI workflow.

  • Business Associate Agreements (BAAs) available
  • PHI encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access, MFA, and immutable audit trails
  • Secure, controlled report delivery
  • Continuous monitoring and incident response

GDPR Compliant

EU Personal Data

Labrynix supports GDPR obligations for organizations handling EU personal data, with lawful-processing controls and the agreements you need in place.

  • Data Processing Agreements (DPAs) available
  • Data subject rights: access, rectification, erasure
  • Data minimization and purpose limitation
  • Configurable retention and deletion controls
  • EU-aware data-handling processes

SOC 2 Type II

Independently Audited

Labrynix is independently audited against the AICPA SOC 2 Trust Services Criteria for security, availability, and confidentiality — assessed over a period of time, not a single point.

  • SOC 2 Type II report available under NDA
  • Security, availability, and confidentiality criteria
  • Controls evaluated across an audit period
  • Continuous control monitoring
  • Regular independent reassessment

ISO/IEC 27001

Certified ISMS

Labrynix operates a certified information security management system (ISMS) aligned to the ISO/IEC 27001 international standard for managing information security risk.

  • Certified ISMS aligned to ISO/IEC 27001
  • Risk-based, documented security controls
  • Formal policies, procedures, and ownership
  • Continual improvement and management review
  • Regular internal and external audits

Security at every layer.

Labrynix doesn't rely on a single safeguard. Protection is layered from the data itself outward — so a control is never the only thing standing between sensitive data and risk.

01. Data protection

Encryption at rest with AES-256 and in transit with TLS 1.2+, with managed keys — so genetic, clinical, and report data is protected wherever it lives or moves.

02. Identity & access

Single sign-on (SSO), multi-factor authentication (MFA), role-based access control, and least-privilege defaults keep access tightly scoped to the right people.

03. Application security

A secure development lifecycle, input validation, dependency and vulnerability monitoring, and regular review reduce risk before it reaches production.

04. Network & infrastructure

Hardened cloud infrastructure, network segmentation, firewalls, and DDoS protection isolate workloads and limit exposure across the platform.

05. Monitoring & audit

Immutable audit logs, continuous activity monitoring, anomaly alerting, and a defined incident-response process keep every key action visible and accountable.

06. Governance & resilience

Data governance, configurable retention, encrypted backups, and disaster recovery protect data integrity and availability over time.

Access, auditability, and accountability.

Role-Based Access Control

Define access by user type, team role, provider account, patient account, partner account, or administrative responsibility — with least-privilege defaults.

Multi-Factor Authentication & SSO

Protect accounts with multi-factor authentication and single sign-on (SAML), so identity is verified before access is granted.

Encryption Everywhere

Data is encrypted at rest with AES-256 and in transit with TLS 1.2+, with managed keys protecting data wherever it lives or moves.

Immutable Audit Logs

Track key user actions, report events, workflow changes, access history, approvals, edits, and delivery events in tamper-resistant logs.

Secure Report Delivery

Deliver reports through controlled portal workflows rather than unmanaged files or scattered, unencrypted communication channels.

Configurable Permissions

Control precisely who can view, create, edit, approve, deliver, export, or administer each workflow across your organization.

Data Governance Support

Support policies for data access, retention, user management, account controls, and operational traceability across the platform.

Monitoring & Alerting

Continuous activity monitoring and anomaly alerting surface unusual behavior, backed by a defined incident-response process.

The security specification.

  • Encryption at rest: AES-256. Strong symmetric encryption for stored data.
  • Encryption in transit: TLS 1.2+. Encrypted connections end to end.
  • Authentication: MFA + SSO. Multi-factor and SAML single sign-on.
  • Access model: RBAC. Role-based access, least privilege.
  • Auditability: Immutable logs. Tamper-resistant activity history.
  • Monitoring: Anomaly alerts. Continuous monitoring & response.
  • Resilience: Backups & DR. Encrypted backups, disaster recovery.
  • Data handling: Minimize & retain. Data minimization, configurable retention.
  • Agreements: BAA & DPA. HIPAA BAAs and GDPR DPAs available.

Advanced infrastructure — backed by real agreements.

We partner with your lab on compliance

Labrynix is HIPAA compliant and GDPR compliant, and provides the security infrastructure, Business Associate Agreements, Data Processing Agreements, and documentation your program needs. Your lab stays in control of its policies, while Labrynix handles the secure, compliant foundation underneath.

See our full security, privacy, and responsible-AI approach in the Labrynix Trust Center.

How our AI handles your data.


Grounded, not guessing

PGx and specialty guidance is anchored to recognized sources — CPIC, FDA labeling, DPWG, and PharmGKB — and your lab's validated rules. Explainable and traceable, never a black box.

Human sign-out, always

AI drafts and assists; qualified staff interpret, validate, approve, and electronically sign out every result. AI never makes the clinical decision.

Logged & auditable

Every AI action is captured in the audit trail — what was generated, from which inputs, and who reviewed it — so the workflow stays inspection-ready.

Your data serves your lab

PHI is handled under HIPAA-aligned controls and your Business Associate and Data Processing Agreements. Your lab's data is used to do your lab's work — not to train shared models for anyone else.

Questions, answered.

Yes. Labrynix is HIPAA compliant and supports protected health information (PHI) workflows with AES-256 encryption, TLS 1.2+, role-based access, multi-factor authentication, immutable audit logs, secure report delivery, and Business Associate Agreements (BAAs).
Yes. Labrynix is GDPR compliant and supports lawful processing of EU personal data, including Data Processing Agreements (DPAs), data subject rights, data minimization, purpose limitation, and configurable retention.
Yes. Labrynix is SOC 2 Type II attested against the AICPA Trust Services Criteria (security, availability, and confidentiality) and operates an ISO/IEC 27001 certified information security management system. A SOC 2 Type II report is available under NDA.
Data is encrypted in transit with TLS 1.2+ and at rest with AES-256, with managed encryption keys.
Yes. Labrynix provides immutable audit logs, role-based access control, multi-factor authentication, and configurable permissions across key workflow and report activity.

Let's build the future of labs

Talk through security and compliance with your lab in mind.


HIPAA · GDPR · SOC 2 Type II · ISO 27001 · AES-256 · TLS 1.2+ · MFA · RBAC · Audit logs