Encrypted at rest — every patient name, DOB, MRN, member ID, TIN and NPI is stored as AES-128 ciphertext with HMAC-SHA256 integrity. The database itself never sees plaintext PHI.
Encrypted in transit — all API calls and live IVR audio streams travel over TLS 1.3. Search queries are HMAC-hashed client-side before they reach the database.