Security

Designed for secure healthcare workflows and human-reviewed decisions.

VeriSight is built for admissions review workflows where payer, authorization, clinical, and financial information must be handled carefully. Public contact forms are not for PHI or patient records.

Plain-English guardrails

What VeriSight does and does not do.

Supports admissions review

AdmitScore™ helps identify payer risk, documentation gaps, authorization readiness, and financial fit.

Does not replace judgment

It does not replace clinical, operational, payer, legal, or admissions judgment.

Facility staff decide

Facility staff remain responsible for final admission, authorization, and follow-up decisions.

Source verification required

AI-extracted payer, authorization, and clinical information should be verified against source documents.

No reimbursement guarantees

Revenue and margin estimates are planning estimates and are not guarantees.

No public PHI intake

Do not submit PHI, patient records, or confidential clinical information through public forms.

For your IT team

Concrete posture, plain English.

We don't post blanket compliance claims here. We do post the architecture facts your procurement and security reviewers will ask about. Ask for the procurement packet and we'll send the security questionnaire response, BAA template, and architecture diagram.

Where AdmitScore runs

  • Microsoft Azure, US data center region.
  • TLS 1.2+ enforced for all transport (public site, API, admin).
  • Encryption at rest for application data and durable lead store.
  • HSTS preload, strict CSP, modern security headers on every response.

BAA and PHI boundary

  • BAA signed before any PHI workflow begins.
  • Public website forms never accept PHI; honeypot + Turnstile verification on submit.
  • Pilot PHI workflows use a contracted secure intake (file or secure inbox), not public forms.
  • Synthetic-only data on every public marketing example.

AI sub-processor

  • Azure OpenAI Service, BAA-covered through Microsoft, used for packet extraction.
  • Bedrock model invocation logging is intentionally off in PHI-capable environments.
  • Prompts and outputs scoped to the packet under review.
  • Sub-processor list available in the procurement packet.

Audit, access, and retention

  • Decision telemetry on every packet review (timestamp, user, decision) so leaders can audit what was reviewed and how outcomes tracked.
  • Role-based access for pilot users; admin-only for Margin Score by design.
  • Data minimization: only what's needed for the pilot evaluation is retained.
  • Pilot-end data handling is part of the BAA + pilot agreement.

Compliance trajectory

  • BAA-bound pilots today.
  • SOC 2 readiness work in progress; status discussed during pilot scoping rather than claimed as completed on the public site.
  • Compliance artifact updates (BAA, security questionnaire, architecture diagram) available on request.

Incident posture

  • Founder-led incident response: Jack notified within 4 hours of any production incident.
  • Sentry-based error monitoring with PII scrubbing (request bodies, cookies, query strings stripped).
  • Standard Azure-managed backups for application data.
  • Incident communication plan included in the BAA when applicable.

Ready to evaluate? Email info@verisightanalytics.com and we'll send the procurement packet (security questionnaire, BAA template, architecture diagram) before the pilot scoping call.

Plain-English posture

Where we hold the line.

Above is what we do. Below is what we won't say without documentation. The public site avoids blanket compliance claims; concrete claims live in the procurement packet and BAA.

Secure workflow review

Security and implementation scope are reviewed before live-data pilot use.

BAA before PHI

A Business Associate Agreement is signed before any PHI workflow begins. No exceptions.

Public site boundary

Website lead forms are for business inquiry details only, not clinical records.

Synthetic public examples

Marketing examples use synthetic/demo data and avoid real identifiers.