Security
Clinician and patient trust is our highest priority. We hold ourselves accountable
to a HIPAA-compliant data storage and processing protocol for all data captured and
shared through our platform.
Internal Personnel Security
All of our employees are required to:
- Undergo background checks before being hired
- Complete annual security awareness training on HIPAA, privacy, and information
classification
Compliance
- We conduct regular risk assessments to ensure policies remain up-to-date and relevant
- Our CTO is responsible for Privacy and Security
Secure Development Lifecycle
- All software changes are reviewed for compliance
- We practice infrastructure-as-code. All infrastructure changes are reviewed
before deployment
- All engineers complete secure development practices training
Cloud Hosting and Availability
- All hosting services and data are stored and processed within AWS secure
data centers
- We leverage AWS high-availability infrastructure to keep data accessible
- We have a HIPAA Business Associate Agreement (BAA) with OpenAI
Confidentiality and Data Encryption
- All data is encrypted at-rest and in-transit using standard encryption schemes
Vendor Management
- All vendors that may process patient information are required to be HIPAA compliant
and to sign BAAs with us
- We regularly review vendor security practices to ensure continued high standards
Artificial Intelligence
- The AI models we use are HIPAA compliant and do not retain the data sent to them
- Protected health information is never used for AI training purposes
Patient Information
- Patient information is encrypted at-rest and in-transit