Security Overview

Understanding our security practices and current limitations

Critical Security Notice

AI Med Intake is a demonstration platform currently in beta testing. It is NOT HIPAA compliant and should NOT be used for real patient data. This service is for evaluation and demonstration purposes only.

Current Security Status

What We Have

  • HTTPS encryption for all data in transit
  • Secure API endpoints with authentication
  • Automated data purging (30 days)
  • Access logging and monitoring
  • Regular security updates

What We Don't Have (Yet)

  • HIPAA compliance certification
  • Business Associate Agreements (BAAs)
  • PHI encryption at rest
  • Audit controls for HIPAA
  • SOC 2 Type II certification

Technical Security Measures

🔒 Data Transmission

All data transmitted between your browser and our servers is encrypted using:

  • TLS 1.3 encryption protocols
  • Secure WebSocket connections for real-time communication
  • Certificate-based authentication

🖥️ Infrastructure Security

Our infrastructure includes:

  • Cloud-based deployment with security best practices
  • Network isolation and firewall rules
  • Regular security patches and updates
  • DDoS protection

🗑️ Data Retention

Our data retention practices:

  • Demo session data is automatically deleted after 30 days
  • Voice recordings are processed and immediately discarded
  • Users can request immediate data deletion

Important Limitations

As a demonstration platform, AI Med Intake has significant security limitations:

  • Not for Protected Health Information (PHI)

    Never enter real patient names, dates of birth, medical record numbers, or actual health conditions

  • No Clinical Decision Support

    AI outputs are for demonstration only and should never be used for actual medical decisions

  • Third-Party Dependencies

    We rely on external services that may have their own security considerations

  • Beta Software

    This platform is under active development and may contain bugs or vulnerabilities

Enterprise Security Solutions

For healthcare organizations requiring HIPAA-compliant solutions, we offer:

🏥 Private Cloud Deployment

  • Deploy within your HIPAA-compliant infrastructure
  • Full data sovereignty and control
  • Custom security policies
  • Integration with existing security tools

🔐 Compliance Package

  • Business Associate Agreement (BAA)
  • HIPAA compliance documentation
  • Security audit support
  • Dedicated compliance team

Interested in a secure, compliant deployment?

Contact Enterprise Sales

Reporting Security Issues

We take security seriously. If you discover a security vulnerability, please:

  1. Do not publicly disclose the issue until we've had a chance to address it
  2. Contact us immediately with details of the vulnerability
  3. Provide sufficient information to reproduce the issue
  4. Allow reasonable time for us to respond and fix the issue

Security Contact:

BuildAI Security Team

Response time: Within 48 hours

Best Practices for Demo Users

To ensure safe use of our demonstration platform:

  • Use fictional data only

    Create realistic but completely fictional patient scenarios

  • Avoid personal information

    Don't use your own or anyone else's real health information

  • Use modern browsers

    Keep your browser updated for the latest security features

  • Report suspicious activity

    Contact us if you notice anything unusual