Skip to content

Compliance, Security, & U.S. Data Sovereignty

Golden Age Hub was engineered for the regulatory realities of U.S. healthcare — not retrofitted to them. Every architectural decision is a compliance decision.

A Security Posture Built from First Principles

Most software platforms treat compliance as a feature added after the fact: a checkbox audit, a penetration test before launch, a policy document that lives in a drawer. Golden Age Hub takes the opposite approach. The security and privacy requirements of HIPAA, the 21st Century Cures Act, and federal data sovereignty guidelines were the inputs to the architecture, not constraints applied afterward.

The result is a system where data integrity is mathematically enforced, patient privacy is guaranteed by the physics of where computation happens, and every care event produces its own verifiable audit record without any additional configuration.


HIPAA Compliance Framework

The Health Insurance Portability and Accountability Act requires that Protected Health Information (PHI) be secured against unauthorized access, exfiltration, and modification throughout its entire lifecycle — at rest, in transit, and in use. Our multi-layer framework addresses each dimension.

Cryptographic Signatures & Non-Repudiation

Every telemetry event entering the system must carry a valid Ed25519 digital signature produced by the originating device or caregiver client. The API gateway verifies this signature against the device's pre-registered public key before the event is queued or stored. An unsigned or tampered payload is rejected at the perimeter with a 401 Unauthorized response.

Alongside signature verification, the gateway tracks sequence numbers in a Redis cache. Any event arriving with a sequence number that has already been seen, or that falls outside the expected window, is rejected with a 409 Conflict response. This closes the replay attack vector entirely: even a perfect copy of a previously valid event cannot be injected into the system.

Encryption at Every Layer

In Transit — All communication between devices, gateway services, and frontend clients is encrypted with TLS 1.3. There are no HTTP fallback paths.

At Rest — Database volumes and S3-compatible object storage archives are encrypted using AES-256. Encryption keys are managed through a key management service with rotation policies enforced at the infrastructure layer.

Tenant Isolation — Patient records, location logs, and event streams are partitioned using tenant-specific identifiers at the database level. A query scoped to one patient cannot surface records belonging to another, and there is no shared table structure that could be exploited for cross-patient data access.

Immutable Audit Infrastructure

Every administrative action — database query, key registration, API call, verification request — is written to an append-only audit log. This log cannot be modified after the fact; it is a chronological, tamper-evident record of system activity that satisfies the HIPAA requirement for audit controls under §164.312(b).

The Care Ledger takes this a step further. Events are not merely logged — they are hashed and compiled into Merkle tree blocks with cryptographically sealed root hashes. If any stored record is modified after sealing, the block's root hash breaks. Daily consistency checks detect this automatically, and the system can generate an inclusion proof for any individual event on demand.


Electronic Visit Verification (EVV) Coverage

The federal 21st Century Cures Act requires states to implement Electronic Visit Verification for all Medicaid-funded personal care and home health services. The mandate specifies six data points that must be captured and retained for every billable visit.

Golden Age Hub is engineered to capture all six — not as a reporting layer, but as native fields in the core event schema.

EVV Requirement Platform Implementation Verification Mechanism
Type of Service Mapped via Pydantic event schemas at ingestion Strict JSON Schema validation at gateway
Patient Identity Verified UUID registered in TimescaleDB Ed25519 signature checks tied to patient key
Date of Service ISO 8601 UTC timestamps on every event Timestamp bounds validation with replay protection
Location Lat/lng with GPS accuracy metrics Geofenced validation against client address records
Caregiver Identity Caregiver profile key mapping Device certificate verification at gateway
Start & End Times Session logs bounded by event stream entries Cryptographic ledger seals on session open/close

When a visit is committed to the Care Ledger, the six EVV fields become part of the sealed, tamper-evident block. Agencies can submit audit responses not with human-generated reports but with mathematical proofs — dramatically reducing the risk of disputed claims, reimbursement delays, and clawbacks.


U.S. Data Sovereignty

For care organizations serving Veterans Affairs programs, state Medicaid recipients, or federally funded facilities, data residency is a legal and contractual requirement, not a preference. Golden Age Hub enforces strict U.S. data residency at every layer of the stack.

Domestic Hosting — The production environment runs exclusively on American Cloud (ACKS), with compute and storage resources in U.S.-based datacenters. No foreign cloud regions are used, and no geographic load-balancing policies route traffic outside the continental United States.

Zero Overseas Traversal — Database replication, Redis pub/sub channels, object storage pipelines, and CDN edge nodes are all scoped to U.S. points of presence. Telemetry data does not cross international boundaries at any point in its lifecycle.

U.S. Operations — Infrastructure administration, database management, and privileged support access are restricted to U.S. citizens and U.S.-incorporated entities. This eliminates the foreign regulatory and legal exposure that comes with offshore operations or shared global support teams.

The combination of these controls makes Golden Age Hub suitable for procurement conversations with VA-affiliated facilities, state program administrators, and any organization that must demonstrate to regulators that patient data stays within U.S. jurisdiction.