SECURITY & COMPLIANCE

Your data is protected. Here's how.

ChartPilot is built around the principle that healthcare data requires defense-in-depth. We encrypt everything, log everything, and are transparent about what we're working toward.

TODAY

Security safeguards in place now.

Encryption in transit and at rest

All PHI encrypted with AES-256 at rest and TLS 1.3 in transit. Encryption keys managed by AWS KMS.

Audit-ready access logging

Every access to a patient record is logged with user, timestamp, action, and outcome. Logs retained for 7 years.

Role-based access control

Founder, admin, provider, and front-office roles with granular permissions. No cross-practice data leakage.

Business Associate Agreement

BAA available on request. Covers HIPAA compliance, breach notification, and data handling obligations.

US data residency

All data stored in US AWS regions (us-east-1, us-west-2). No data transfer outside the US.

Vulnerability scanning & penetration testing

Continuous automated scanning. Annual third-party penetration testing. Bug bounty program coming soon.

ROADMAP

Compliance roadmap.

In Progress
Q3 2026

SOC 2 Type II

Audit in progress. Expected completion Q3 2026. Covers security, availability, processing integrity, confidentiality, and privacy.

Planned
Q2 2026

HIPAA Risk Analysis

Formal risk assessment and mitigation plan. Required for BAA and enterprise contracts.

Planned
Q3 2026

FDA Clinical Decision Support Alignment

Formal documentation of AI governance, validation, and audit trail to align with FDA guidance on Clinical Decision Support.

Planned
2027

HITRUST Certification

Healthcare Information and Management Systems Society certification. Covers HIPAA, HITECH, and other healthcare security standards.

AI GOVERNANCE

How we govern AI in clinical documentation.

Dual-model architecture

Every note is generated by one model (GPT) and audited by an independent model (Claude). The auditor has no access to the generator's reasoning. This enforces separation of concerns and prevents a single model's hallucinations from reaching the provider.

Fact grounding

The note is regenerated against a structured facts JSON extracted from the visit's source inputs (dictation, structured fields, prior records). Anything in the prose that isn't in the facts is flagged as a hallucination candidate.

Deterministic rules

A rules engine applies CIGNA CPG-278 medical-necessity language, E/M level checks, and a denial-pattern validator built from real payer rejections. Rules are transparent and auditable.

Signing gates

If any layer (fact grounding, rules, independent audit) fails, signing is gated until the finding is resolved or explicitly overridden. Every override is captured in the audit log with the provider's reason.

Audit trail

Every note carries a QA report artifact with the generator's output, the auditor's findings, the rules applied, and any overrides. This is the documentation you'd need in a peer review, audit, or litigation.
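As an added illustration of the fact-grounding check, the signing gate and the override record described above (not ChartPilot's code; the facts JSON, note, value pattern and provider id are all constructed), a minimal pipeline that flags note sentences carrying values absent from the facts, blocks signing while findings are open, and logs every override with the provider's reason:

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample: structured facts JSON extracted from a visit's source
# inputs (dictation, structured fields, prior records). Not real PHI.
FACTS_JSON = json.dumps({
    "vitals": {"bp": "142/90"},
    "diagnoses": ["essential hypertension"],
    "medications": ["lisinopril 10 mg daily"],
})
# Constructed sample note: the third sentence has no support in the facts.
NOTE = ("BP 142/90 today. Continue lisinopril 10 mg daily. "
        "Start metformin 500 mg twice daily.")
# Clinical values to ground: numbers, ratios such as 142/90, and dosed units.
VALUE_RE = re.compile(r"\d+(?:\.\d+)?(?:/\d+)?(?:\s?(?:mg|mcg|mmhg|%|units))?", re.I)

def flatten(value) -> str:
    """Flatten nested facts JSON into one lowercase string for lookup."""
    if isinstance(value, dict):
        return " ".join(flatten(v) for v in value.values())
    if isinstance(value, list):
        return " ".join(flatten(v) for v in value)
    return str(value).lower()

def grounding_findings(note: str, facts_json: str) -> list:
    """Flag each sentence whose clinical value is absent from the facts.
    Every flagged sentence is a hallucination candidate to resolve or override."""
    facts_text = flatten(json.loads(facts_json))
    findings = []
    for sentence in re.split(r"(?<=[.!?])\s+", note.strip()):
        for value in VALUE_RE.findall(sentence):
            if value.lower() not in facts_text:
                findings.append(f"unsupported value '{value}': {sentence}")
    return findings

def signing_gate(findings: list, override_reason: str = "",
                 provider: str = "prov-001") -> tuple:
    """Return (may_sign, audit_entry). Open findings block signing unless the
    provider supplies an explicit override reason, which is always recorded."""
    entry = {"at": datetime.now(timezone.utc).isoformat(),
             "findings": list(findings), "signed": False, "override": None}
    if not findings:
        entry["signed"] = True
    elif override_reason.strip():
        entry["signed"] = True
        entry["override"] = {"provider": provider, "reason": override_reason.strip()}
    return entry["signed"], entry
```

The audit entry returned by `signing_gate` is the piece of the QA report that records whether the note was signed clean or under an override, and why.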

Security questions?

Our security team is happy to discuss compliance, audit, or integration requirements.
