Security

Last updated Jan 8, 2025

Clinician and patient trust is our highest priority. We hold ourselves accountable to a HIPAA-compliant data storage and processing protocol for all data captured and shared through our platform.

Internal Personnel Security

All of our employees are required to:

  • Undergo background checks before being hired

  • Complete annual security awareness training on HIPAA, privacy, and information classification


Compliance

  • We conduct regular risk assessments to ensure policies remain up-to-date and relevant

  • Our CTO is responsible for Privacy and Security

Secure Development Lifecycle

  • All software changes are reviewed for compliance

  • We practice infrastructure-as-code. All infrastructure changes are reviewed before deployment

  • All engineers complete secure development practices training

Cloud Hosting and Availability

  • All hosting services and data are stored and processed within Google Cloud secure data centers

  • We leverage Google Cloud high-availability infrastructure to ensure the data is always accessible

  • We have a HIPAA Business Associate Agreement (BAA) with Google and OpenAI


Confidentiality and Data Encryption

  • All data is encrypted at-rest and in-transit using standard encryption schemes


Vendor Management

  • All vendors who may process patient information are required to be HIPAA compliant and sign BAAs with us

  • We regularly review vendor security practices to ensure continued high standards

Artificial Intelligence

  • All AI models are HIPAA compliant and don’t retain data

  • Protected health information is never used for AI training purposes

Patient Information

  • Patient information is encrypted at-rest and in-transit