Security & Compliance

Enterprise-Grade Security for Healthcare AI

We built VeriSight with a "Paranoid-First" architecture. We assume all data is sensitive and design our systems to minimize risk at every layer.

HIPAA-Aligned Design

Built with HIPAA requirements in mind. All technical and administrative safeguards implemented.

Zero PHI Retention

We process your data but never store PHI. Data is deleted after processing.

Secure Cloud Hosting

Built on secure cloud infrastructure with encryption at rest and in transit.

Zero PHI Retention Policy

"The safest data is data we don't have."

For our marketing and admission decision support tools, we operate on a strict "Zero Retention" policy. We process the necessary documents to give you an answer (e.g., "Accept/Deny" or "PDPM Rate"), and then we immediately scrub the source files from our servers.

  • Data processed in memory only
  • Immediate deletion after processing
  • No PHI in logs or databases
  • No AI model training on your data

Process & Delete

Automated scrubbing of all source files

For Your IT Team

Encryption Everywhere

TLS 1.3 for all data in transit. AES-256 for any data at rest (and, given the zero-retention policy, very little data is ever at rest).

Strict Access Control

Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA) enforced for all admin access, and least-privilege principles.

Audit Logging

Comprehensive, immutable logs of all system actions, access attempts, and data processing events. Logs record event metadata only; they never contain PHI.

Penetration Testing

Regular automated scanning and third-party security assessments to identify and remediate vulnerabilities.

HIPAA-Aligned Practices

Privacy-First Architecture

Our platform is designed with HIPAA requirements in mind, implementing technical safeguards, administrative safeguards, and physical safeguards for protecting healthcare data.

Administrative Safeguards

Security policies and procedures documented and maintained. Employee training on HIPAA requirements. Incident response procedures in place. Regular risk assessments conducted.

Technical Safeguards

Unique user identification. Automatic logoff. Encryption and decryption. Audit controls. Transmission security. All technical safeguards are implemented and maintained.

How We Handle Your Data

1. Upload

   Clinical notes are uploaded over an encrypted HTTPS (TLS 1.3) connection. Data is validated and sanitized on receipt.

2. Process

   The AI processes the data in memory, inside an isolated environment. Results are generated and returned to you.

3. Delete

   Clinical data is deleted immediately after processing. No PHI is stored in databases, logs, or backups.
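The three steps above are a pattern, not code, and two of the promises in them are the kind that fail silently: "no PHI in logs" breaks the first time a component logs a raw input line or an exception message, and "deleted immediately" breaks on the error path unless deletion is unconditional. The following is an added illustrative example in Python, not VeriSight's code, showing one way to hold an uploaded note in a mutable buffer, wipe it in a finally block so the wipe runs even when processing fails, and put a redacting filter on the log handler as defense in depth. The analyzer, the PHI patterns, and the sample note are all constructed for this example and are assumptions, not the product's behaviour.

```python
import io
import logging
import re
from typing import Callable, Dict

# Hypothetical logger name for this example.
LOG = logging.getLogger("phi_pipeline_example")

# Illustrative patterns only. Real PHI detection needs a proper identifier
# catalogue and NER for names; these cover three easy structured identifiers.
PHI_PATTERNS = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN]"),
    (re.compile(r"\bMRN[:#]?\s*\d+\b", re.IGNORECASE), "[MRN]"),
    (re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b"), "[DATE]"),
]


def redact(text: str) -> str:
    """Replace identifier-shaped substrings with labels."""
    for pattern, label in PHI_PATTERNS:
        text = pattern.sub(label, text)
    return text


class PHIRedactingFilter(logging.Filter):
    """Redacts the fully formatted message before any handler writes it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())  # msg % args, then scrub
        record.args = ()                          # already interpolated
        return True


def process_note(buf: bytearray, analyzer: Callable[[str], Dict]) -> Dict:
    """Decode, analyze, and unconditionally wipe the buffer.

    Caveat: the str produced by decode() is immutable and cannot be zeroized
    from Python; only the bytearray is overwritten. Languages with mutable
    strings or explicit memory control can do better.
    """
    try:
        text = buf.decode("utf-8")
        LOG.info("processing note: %d bytes", len(buf))  # size only, no content
        return analyzer(text)
    finally:
        buf[:] = bytes(len(buf))  # overwrite with zeros
        del buf[:]                # then drop the contents


def toy_analyzer(text: str) -> Dict:
    """Stand-in for the model. Deliberately careless: it logs a raw line."""
    for line in text.splitlines():
        if "SSN" in line:
            LOG.warning("identifier line seen: %s", line)  # the filter must catch this
    return {"word_count": len(text.split()),
            "fall_risk": "fall risk" in text.lower()}


def failing_analyzer(text: str) -> Dict:
    """Stand-in for a processing failure whose message carries input text."""
    raise ValueError("cannot parse: " + text.splitlines()[0])


def run_pipeline(raw: bytes, analyzer: Callable[[str], Dict] = toy_analyzer) -> Dict:
    """Run one upload through process -> delete and report what the log saw."""
    buf = bytearray(raw)
    sink = io.StringIO()
    handler = logging.StreamHandler(sink)
    handler.addFilter(PHIRedactingFilter())   # on the handler: covers child loggers too
    LOG.addHandler(handler)
    LOG.setLevel(logging.INFO)
    LOG.propagate = False                     # keep records off the root logger here
    result, error = None, None
    try:
        result = process_note(buf, analyzer)
    except Exception as exc:                  # noqa: BLE001 - example only
        error = type(exc).__name__
        LOG.error("processing failed: %s", exc)  # exception text is scrubbed too
    finally:
        LOG.removeHandler(handler)
    return {"result": result, "error": error,
            "log": sink.getvalue(), "bytes_left": len(buf)}


# Constructed sample note; no real patient data.
SAMPLE_NOTE = (b"Patient John Doe, SSN 123-45-6789, MRN 4471002, DOB 01/02/1950.\n"
               b"Ambulatory with walker; fall risk noted.\n")

if __name__ == "__main__":
    for fn in (toy_analyzer, failing_analyzer):
        out = run_pipeline(SAMPLE_NOTE, fn)
        print(fn.__name__, out["result"], out["error"], out["bytes_left"])
        print(out["log"].rstrip())
```

Running it shows the careless warning and the exception message reaching the log as "SSN [SSN], [MRN], DOB [DATE]" rather than the raw identifiers, and the buffer length at zero on both the success and the failure path. The name "John Doe" is not redacted, which is the point of the caveat in the comments: pattern-based scrubbing is a backstop, and the primary control is that no component logs input content at all.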

Security FAQs

Do you store our clinical notes?

No. We process clinical notes in memory and delete them immediately after generating results. No PHI is ever stored on our servers.

Do you train AI models on our data?

No. We do not use your clinical data to train our AI models. Your data is used solely to generate your results and is then deleted.

Do you offer Business Associate Agreements?

We can discuss BAA requirements with enterprise customers. Contact us to discuss your specific compliance needs.

Where is your infrastructure hosted?

Our infrastructure is hosted on secure cloud providers in the United States. We maintain strict security controls and regular updates.

What happens if there's a security incident?

We have incident response procedures in place. In the unlikely event of a security incident, we will notify affected customers within 72 hours of discovery. This is a stricter window than the HIPAA Breach Notification Rule, which requires a business associate to notify the covered entity without unreasonable delay and no later than 60 days after discovery; the exact notification terms can also be set in a BAA.

Have Security Questions?

Our team is happy to discuss our security practices in detail. Contact us for a security review, BAA, or to schedule a call with our security team.

Contact Security Team