Security

Clinician and patient trust is our highest priority. We hold ourselves accountable
to a HIPAA-compliant data storage and processing protocol for all data captured and
shared through our platform.

Internal Personnel Security

All of our employees are required to:

  • Undergo background checks before being hired
  • Complete annual security awareness training on HIPAA, privacy, and information
    classification
Compliance

  • We conduct regular risk assessments to ensure our policies remain up to date and relevant
  • Our CTO is responsible for Privacy and Security

Secure Development Lifecycle

  • All software changes are reviewed for compliance
  • We practice infrastructure-as-code. All infrastructure changes are reviewed
    before deployment
  • All engineers complete secure development practices training

Cloud Hosting and Availability

  • All hosting services and data are stored and processed within secure AWS
    data centers
  • We leverage AWS high-availability infrastructure to ensure the data is always
    accessible
  • We have a HIPAA Business Associate Agreement (BAA) with OpenAI
Confidentiality and Data Encryption

  • All data is encrypted at rest and in transit using standard encryption schemes

Vendor Management

  • All vendors who may process patient information are required to be HIPAA compliant
    and to sign BAAs with us
  • We regularly review vendor security practices to ensure continued high standards

Artificial Intelligence

  • All AI models are HIPAA compliant and don’t retain data
  • Protected health information is never used for AI training purposes

Patient Information

  • Patient information is encrypted at rest and in transit