Security

Clinician and patient trust is our highest priority. We hold ourselves accountable
to a HIPAA-compliant data storage and processing protocol for all data captured and
shared through our platform.

Internal Personnel Security‍

All of our employees are required to:

• Undergo background checks before being hired
• Complete annual security awareness training on HIPAA, privacy, and information
  classification

‍
Compliance

• We conduct regular risk assessments to ensure policies remain up-to-date and relevant
• Our CTO is responsible for Privacy and Security
  ‍

Secure Development Lifecycle

• All software changes are reviewed for compliance
• We practice infrastructure-as-code. All infrastructure changes are reviewed
  before deployment
• All engineers complete secure development practices training
  ‍

Cloud Hosting and Availability

• All hosting services and data is stored and processed within AWS secure
  data centers
• We leverage AWS high-availability infrastructure to ensure the data is always
  Accessible
• We have a HIPAA Business associate agreement with OpenAI

‍
Confidentiality and Data Encryption

• All data is encrypted at-rest and in-transit using standard encryption schemes

‍
Vendor Management

• All Vendors who may process patient information are required to be HIPAA compliant
  and sign BAAs with us
• We regularly review vendor security practices to ensure continued high standards
  ‍

Artificial Intelligence

• All AI models are HIPAA compliant and don’t retain data
• Protected health information is never used for AI training purposes
  ‍

Patient Information

• Patient information is encrypted at-rest and in-transit