AuxoHealth

Sub-processors

Our current sub-processor list — what each touches, where, and BAA status — is available to Covered Entities under NDA as part of procurement review.

Last updated · April 20, 2026

Auxo Health Solutions ("Auxo") engages a vetted set of sub-processors to deliver the platform. Each sub-processor that handles Protected Health Information ("PHI") on Auxo's behalf has executed (or is in the process of executing) a Business Associate Agreement, and is bound by the same confidentiality, security, and use-limitation obligations Auxo carries.

Receiving the current list

Our current sub-processor list — including each vendor, what they touch, the data-handling category, region, and BAA status — is available to Covered Entities and prospective Covered Entities under a mutual NDA as part of standard procurement and security review.

To request the list, email security@auxohealthsolutions.com from your work account, with:

  • Your facility / organization name
  • Your role (CISO, Compliance Officer, IT Director, Procurement Lead, etc.)
  • Whether you are an existing customer or in active evaluation

We respond within one business day. Existing customers receive the list within minutes; new evaluators receive it after countersigning a brief mutual NDA.

What we commit to, regardless of disclosure

  • No sub-processor sees PHI without a BAA. This is non-negotiable. Where a vendor cannot or will not sign a BAA, we either do not use them for PHI-touching workflows or we route their integration so PHI never reaches them.
  • No PHI is used to train foundation AI models. Our AI sub-processors are bound by zero-data-retention agreements for Auxo's account.
  • Material changes get advance notice. When we add or replace a sub-processor that processes PHI, we notify customers in advance, so you have an opportunity to object before the change takes effect.
  • You retain audit rights to the extent required by HIPAA and your executed BAA with Auxo.

Why we don't publish the full list publicly

The composition of our sub-processor stack — particularly which AI, voice, OCR, and clinical-data vendors we orchestrate — is part of how Auxo delivers the differentiated experience your facility is paying for. We treat that composition the way most early-stage B2B platforms do: openly with the customers who need it, not openly with our competitors. This posture is consistent with HIPAA's satisfactory assurances requirement (45 CFR § 164.504(e)(1)(ii)), which requires us to give Covered Entities visibility into how their PHI is handled — not to publish that information to the open internet.

Questions

For all sub-processor questions, BAA execution, and security-review requests: security@auxohealthsolutions.com