Is Vantage HIPAA compliant?
Vantage can be deployed in a HIPAA-compliant configuration when a BAA is executed and PHI is in scope. Supabase supports HIPAA BAAs, and Fulcrum will execute a BAA as part of engagement setup when required.
Vantage can be deployed in a HIPAA-compliant configuration. Supabase, the infrastructure provider, supports HIPAA Business Associate Agreements (BAAs). If your firm requires HIPAA compliance, Fulcrum can execute a BAA as part of the engagement setup.
This applies to firms in healthcare or adjacent services who handle Protected Health Information (PHI) as part of their sales or advisory work. If you are not handling PHI, HIPAA compliance is not required — but the security posture of the system applies equally regardless.
What HIPAA compliance means for Vantage
The HIPAA BAA covers the data infrastructure: how data is stored, encrypted, and accessed. It does not change how Vantage functions or what it can process. The requirement is that you identify, before the engagement begins, that PHI will be in scope and that HIPAA compliance is required.
If you are unsure whether HIPAA applies
If your CRM contains any patient data, referral data, or clinical context — even indirectly — HIPAA likely applies. Disclose this on the discovery call. Fulcrum will confirm the compliance requirements and the appropriate BAA language before any data is connected.
If HIPAA compliance is not confirmed before data is connected and PHI enters the system without a BAA in place, that creates a compliance exposure for your firm. The safest practice is to disclose before the engagement starts.
Related: Does Vantage use your data to train others · What happens to your data if you cancel · Vantage security architecture
Related pages
Still have questions? We answer in 24 hours.
No sales pitch. Just a straight answer.