Rosegard Health

Security & Compliance Overview

PATFlow™ by Healthcare Venture Group Inc. DBA Rosegard Health

Last updated: March 26, 2026

This document provides a summary of PATFlow's security controls, infrastructure, and HIPAA compliance posture for evaluation by healthcare organizations. Rosegard Health operates as a HIPAA Business Associate and executes Business Associate Agreements (BAAs) with Covered Entities prior to processing Protected Health Information (PHI). For detailed questions or to request our full security documentation package, contact security@rosegard.com.

HIPAA Compliance Framework

Rosegard Health operates as a Business Associate under HIPAA when processing PHI on behalf of Covered Entities. Our compliance program encompasses the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, and the HITECH Act.

Infrastructure & Hosting

PATFlow is hosted on Amazon Web Services (AWS), a HIPAA-eligible cloud infrastructure provider. AWS maintains SOC 1/2/3, ISO 27001, and FedRAMP compliance certifications. All HIPAA-eligible AWS services used by PATFlow are covered under our AWS Business Associate Agreement.

Data Encryption

Access Controls

Audit Logging

PATFlow maintains comprehensive, tamper-evident audit trails as required by HIPAA (45 CFR §164.312(b)):

Data Isolation

Application Security

Breach Notification

In compliance with the HIPAA Breach Notification Rule (45 CFR §§164.400-414) and the HITECH Act, Rosegard Health maintains documented breach notification procedures:

To report a security incident or concern, contact security@rosegard.com immediately.

Data Retention & Disposal

Disaster Recovery & Business Continuity

PATFlow's infrastructure is designed for reliability and rapid recovery as part of our HIPAA contingency plan (45 CFR §164.308(a)(7)):

Business Associate Agreements

Rosegard Health executes a Business Associate Agreement (BAA) with each Covered Entity prior to any PHI being processed through PATFlow, as required by HIPAA (45 CFR §164.504(e)).

To request a BAA or discuss compliance requirements, contact security@rosegard.com.

Compliance Documentation

Rosegard Health maintains the following compliance documentation, available upon request under NDA:

For copies of any compliance documentation or to schedule a security review call, contact security@rosegard.com.


About PATFlow: PATFlow is a HIPAA-compliant clinical decision support platform for preoperative coordination. It uses a deterministic, guideline-cited reasoning engine — not generative AI — to support clinical decision-making. All clinical decisions remain the responsibility of the treating clinician. PATFlow does not replace independent clinical judgment.