Security & Compliance
Enterprise-Grade Security for Healthcare AI
We built VeriSight with a "Paranoid-First" architecture. We assume all data is sensitive and design our systems to minimize risk at every layer.
HIPAA-Aligned Design
Built with HIPAA requirements in mind; technical, administrative, and physical safeguards are implemented.
Zero PHI Retention
We process your data but never store PHI. Data is deleted after processing.
Azure Cloud Hosting
Built on Microsoft Azure with encryption at rest and in transit. US data centers.
Zero PHI Retention Policy
"The safest data is data we don't have."
For our marketing and admission decision support tools, we operate on a strict "Zero Retention" policy. We process the necessary documents to give you an answer (e.g., "Accept/Deny" or "PDPM Rate"), and then we immediately scrub the source files from our servers.
- Data processed in memory only
- Immediate deletion after processing
- No PHI in logs or databases
- No AI model training on your data
Process & Delete
Automated scrubbing of all source files
For Your IT Team
Encryption Everywhere
TLS 1.3 for all data in transit. AES-256 for any data at rest (though we rest very little data).
Strict Access Control
Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA) enforced for all admin access, and least-privilege principles.
Audit Logging
Comprehensive immutable logs of all system actions, access attempts, and data processing events.
Automated Security Scanning
Continuous vulnerability scanning in CI/CD pipeline. Zero known CVEs in production dependencies. Regular security audits.
HIPAA-Aligned Practices
Privacy-First Architecture
Our platform is designed with HIPAA requirements in mind, implementing technical safeguards, administrative safeguards, and physical safeguards for protecting healthcare data.
Administrative Safeguards
Security policies and procedures documented and maintained. Employee training on HIPAA requirements. Incident response procedures in place. Regular risk assessments conducted.
Technical Safeguards
Unique user identification. Automatic logoff. Encryption and decryption. Audit controls. Transmission security.
How We Handle Your Data
Upload
Clinical notes are uploaded via encrypted HTTPS. Data is validated and sanitized on receipt.
Process
AI processes the data in memory and returns the results. All processing takes place in an isolated environment.
Delete
Clinical data is deleted immediately. No PHI is stored in databases, logs, or backups.
Security FAQs
Do you store our clinical notes?
No. We process clinical notes in memory and delete them immediately after generating results. No PHI is ever stored on our servers.
Do you train AI models on our data?
No. We do not use your clinical data to train our AI models. Your data is used solely to generate your results and is then deleted.
Do you offer Business Associate Agreements?
Yes. We sign Business Associate Agreements with all customers before processing any PHI. Contact us to get started.
Where is your infrastructure hosted?
Our infrastructure runs on Microsoft Azure in the United States. Azure maintains HIPAA BAA coverage and SOC 2 certification. We maintain strict security controls and regular updates.
What happens if there's a security incident?
We have incident response procedures in place. In the unlikely event of a security incident, we will notify affected customers within 72 hours as required by HIPAA.
Have Security Questions?
Our team is happy to discuss our security practices in detail. Contact us to request a security review, BAA documentation, or to schedule a call with our team.
Full security audit documentation available upon request.