1. Is Autochart.ai secure, and what measures are in place to protect my data?
Yes, Autochart.ai prioritizes the privacy and security of your data. We comply with HIPAA, GDPR, and PIPEDA, meeting stringent privacy regulations across Canada, the US, and Europe.
Key security measures include:
Voice recordings are never stored: All recordings are transcribed in real time and immediately deleted.
Comprehensive Canadian compliance: Adherence to privacy laws, including BC PIPA, Ontario PHIPA, and Quebec Law 25.
Partnership with Mirai Security: Our Canadian cybersecurity partner ensures we maintain the highest data protection standards.
Rigorous testing: Regular penetration testing, vulnerability scans, and security assessments.
Risk assessments: Threat Risk Assessments (TRA) and Privacy Impact Assessments (PIA) ensure ongoing compliance, especially in Ontario.
Limited access: Only authorized healthcare providers can access your data.
Encrypted and secure storage: Industry-leading encryption and protocols safeguard your data.
For more details, visit our Trust Center.
2. Who ensures Autochart.ai’s security and compliance?
Autochart.ai’s security and compliance posture is validated through independent, formal assessments by Mirai Security, our trusted cybersecurity partner. These assessments include:
Threat and Risk Assessments (TRA): Third-party evaluations of platform risks.
Privacy Impact Assessments (PIA): Ensuring compliance with PHIPA, GDPR, and other privacy regulations.
Governance, Risk, and Compliance (GRC) Review: Evaluation of our policies and controls.
Penetration Testing: Independent testing to validate security controls.
All assessments are regularly updated, ensuring continuous improvement. Related reports and certifications can be reviewed in our Vanta Trust Center.
3. Where is Autochart.ai data hosted?
For customers in Canada, all data is securely hosted in Microsoft Azure Canadian Data Centers, ensuring compliance with PIPEDA (Personal Information Protection and Electronic Documents Act). For customers with provincial or institution-specific requirements, we offer the option to specify the exact jurisdiction for server hosting through tailored agreements.
For customers in the United States, Australia, New Zealand, the United Kingdom, Europe, South Africa, Asia, and other global regions, Autochart.ai works closely with clients to establish hosting agreements customized to meet their jurisdiction-specific privacy and regulatory requirements. Data is hosted in regional data centers in compliance with applicable privacy laws such as HIPAA, GDPR, and other local regulations.
Additionally, Autochart.ai offers an on-site hosting option for organizations requiring full control over their data infrastructure.
4. Does Autochart.ai use PHI for AI training?
No. Autochart.ai does not use Personal Health Information (PHI) for AI training. We are committed to protecting user and patient privacy, handling PHI securely and exclusively for its intended purpose in compliance with all applicable regulations.
5. How does Autochart.ai ensure the security of its APIs and integrations?
Autochart.ai implements robust security measures to safeguard its APIs and integrations. All API communications are secured using Transport Layer Security (TLS) encryption, protecting data in transit from interception and tampering. For authentication and authorization, Autochart.ai employs OAuth 2.0, a widely recognized framework that provides secure delegated access without exposing user credentials.
To further enhance security, Role-Based Access Control (RBAC) is used to restrict access based on user roles, ensuring users only have permissions necessary for their responsibilities. These protocols collectively ensure secure integration with third-party systems while adhering to industry standards for API security.
6. How does Autochart.ai protect Personal Health Information (PHI)?
Autochart.ai employs industry-leading safeguards, including:
AES-256 encryption for data at rest and TLS 1.2+ for data in transit.
Data minimization principles to limit PHI to the minimum required.
Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA).
Logging and auditing for monitoring access and usage.
Regular vulnerability assessments and penetration tests.
7. How does Autochart.ai prevent unauthorized access?
Autochart.ai uses industry-leading security tools and integrations to safeguard user data, including:
Auth0 (Okta) for secure authentication, featuring MFA and anomaly detection.
Zero Trust Architecture to enforce least-privilege access and minimize risks.
Continuous monitoring with Security Information and Event Management (SIEM) tools, which aggregate and analyze security data across the platform to detect, investigate, and respond to threats in real time.