HIPAA-ready · BAA on file

Security & Compliance.

Patient data is sacred. We treat it that way. Here is the architecture that protects it, the controls that govern it, and the certifications we hold (and are pursuing).

HIPAA · Ready
BAA · On file
SOC 2 Type II · In progress (Q3)
HITRUST CSF · Roadmap (2026)
ISO 27001 · Roadmap (2026)

Twelve layers between a tooth and a token.

Every patient interaction flows through encryption, redaction, and auditing — by default, not by configuration.

01

AES-256 at rest

Patient records, recordings, and document blobs encrypted at rest in AWS S3 with KMS-managed customer keys.

02

TLS 1.3 in transit

Modern cipher suites only. HSTS preloaded. Certificate pinning on mobile.

03

PHI redaction

AWS Comprehend Medical strips identifiers before any LLM call. Redaction is logged and audited.

04

No-train guarantee

Patient data is not used to train third-party AI models. We configure supported AI services with no-retention or no-training settings where available, and PHI is only processed for the customer's authorized workflow.

05

Role-based access

Patient · Front-desk · Dentist · Practice Manager · Founder. Least privilege, enforced at the API layer.

06

AWS Cognito MFA

Two pools (practice + patient). MFA required for all staff. Session timeouts configurable per role.

07

Audit logging

Every PHI read, write, export, or share creates an immutable audit record. 7-year retention.

08

Clinician-in-the-loop

No AI output enters the official record without a clinician's electronic signature.

09

BAA with sub-processors

AWS, Deepgram, Telnyx, Stripe — all under signed BAAs where they touch PHI.

10

Private VPC inference

Bedrock + Deepgram traffic stays inside our VPC. No public-internet model calls.

11

Incident response

15-minute SLA on PHI incidents. Breach notification protocol aligned with HIPAA §164.404.

12

Quarterly pen-tests

Independent third-party pen-tests every 90 days. Summary letters available under NDA.

From audio in the operatory to bytes in your PMS.

Trace a single visit through every layer. Every step is encrypted, audited, and minimal.

01

Capture

Microphone in the operatory. Audio buffered locally, never persisted to disk.

TLS 1.3

02

Stream

Chunks streamed to our VPC over mutual-auth TLS. Session token expires in 15 min.

JWT · 15m

03

Redact

Comprehend Medical strips PII before any LLM. Original audio destroyed on close.

PHI · OUT

04

Infer

Bedrock generates SOAP. No retention. No training. No third party.

NO-RETAIN

05

Sign

Dentist reviews & signs. Note encrypted in S3 + written to your PMS via the secure connector.

AUDIT-LOGGED
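The Redact step above, as an added example that is not PracticePilot's own code: it assumes a Comprehend Medical DetectPHI response has already been obtained (the entity list below is constructed in that response's shape, so nothing calls AWS), applies the placeholders, re-checks the output, and emits the PHI-free audit record that gates the model call. The actor name and the `[TYPE]` placeholder format are assumptions.

```python
import hashlib
from collections import Counter
from datetime import datetime, timezone

# Constructed sample note and constructed entities shaped like the "Entities"
# array of a Comprehend Medical DetectPHI response (zero-based offsets,
# EndOffset exclusive). No AWS API is called here.
SAMPLE_TEXT = ("Patient John Doe, DOB 03/14/1981, reports pain in tooth 19 "
               "since 2024-05-01. Call 555-0134.")
SAMPLE_ENTITIES = [
    {"BeginOffset": 8, "EndOffset": 16, "Type": "NAME", "Score": 0.99},
    {"BeginOffset": 22, "EndOffset": 32, "Type": "DATE", "Score": 0.98},
    {"BeginOffset": 65, "EndOffset": 75, "Type": "DATE", "Score": 0.97},
    {"BeginOffset": 82, "EndOffset": 90, "Type": "PHONE_OR_FAX", "Score": 0.95},
]

def redact_phi(text, entities):
    """Replace each detected span with a [TYPE] placeholder; overlapping spans
    are merged and edits run from the end so earlier offsets stay valid."""
    merged = []
    for begin, end, kind in sorted((e["BeginOffset"], e["EndOffset"], e["Type"]) for e in entities):
        if not 0 <= begin < end <= len(text):  # fail closed on offsets that do not fit the text
            raise ValueError("entity offsets do not match the text; refusing to proceed")
        if merged and begin < merged[-1][1]:   # overlap: widen the previous span
            merged[-1] = (merged[-1][0], max(end, merged[-1][1]), merged[-1][2])
        else:
            merged.append((begin, end, kind))
    out = text
    for begin, end, kind in reversed(merged):
        out = out[:begin] + f"[{kind}]" + out[end:]
    return out, len(merged)

def audit_record(actor, text, entities):
    """Audit entry for the redaction step: a hash and per-type counts, never the PHI."""
    return {
        "event": "phi_redaction",
        "actor": actor,
        "at": datetime.now(timezone.utc).isoformat(),
        "original_sha256": hashlib.sha256(text.encode()).hexdigest(),
        "entities_by_type": dict(Counter(e["Type"] for e in entities)),
    }

def prepare_for_llm(text, entities, actor="dentist:example"):
    """Gate in front of any model call: redact, re-check that no raw entity text
    survived, and emit the audit record. Returns (prompt_text, audit_record)."""
    redacted, _ = redact_phi(text, entities)
    for e in entities:  # defense in depth: the raw entity text must be gone
        if text[e["BeginOffset"]:e["EndOffset"]] in redacted:
            raise RuntimeError("PHI survived redaction; blocking the LLM call")
    return redacted, audit_record(actor, text, entities)
```

Only the redacted text leaves this function; the audit record carries a hash of the original so a later review can prove which note was processed without storing the PHI again.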

Every vendor that touches PHI, named.

We maintain a public sub-processor list. Subscribe to be notified 30 days before any new sub-processor is added.

| Provider | Purpose | Region | BAA |
| --- | --- | --- | --- |
| AWS (S3, SES, SNS, SQS, Cognito, KMS) | Infrastructure, storage, identity | us-east-1, us-west-2 | SIGNED |
| AWS Bedrock | LLM inference for SOAP + summaries | us-east-1 | SIGNED |
| AWS Comprehend Medical | PHI redaction pipeline | us-east-1 | SIGNED |
| Deepgram | Medical-grade transcription | US | SIGNED |
| Telnyx | Voice agent telephony | US | SIGNED |
| Stripe | Subscription billing (no PHI) | US | N/A |
| PostgreSQL on AWS RDS | Operational database (encrypted) | us-east-1 | SIGNED |

Have a security question?

A real security engineer reads every email at security@practicepilotai.com. Pen-test letters are available under NDA.