Security
Security overview
AI MedPad is designed for clinical documentation workflows where sensitive health information requires clear access, review, and vendor assessment controls.
Access controls
Clinical workspaces should use role-based access, least privilege, and account controls appropriate for sensitive records. Administrative access should be limited to authorized personnel and reviewed periodically.
- Use unique accounts for every clinician and administrator.
- Limit workspace access to authorized members of the practice.
- Review permissions when staff roles change or accounts are deactivated.
Auditability
Security review should cover audit trails, data retention, incident response, and administrative access procedures. For clinical teams, auditability is important because generated notes and patient-related activity must remain attributable and reviewable.
- Track user access and administrative changes.
- Keep generated documentation in a reviewable draft state before clinical approval.
- Document retention and deletion procedures for customer review.
Data protection
AI MedPad should be assessed as part of a clinic's broader security program before production use. Vendor review should confirm encryption practices, hosting environment, backup posture, subprocessors, vulnerability management, and data retention settings.
- Confirm encryption in transit and at rest.
- Review approved subprocessors and hosting regions.
- Confirm export, deletion, and retention workflows before go-live.
Vendor review
Clinics evaluating AI MedPad should request current security documentation, any available SOC 2 materials, HIPAA-related documentation, subprocessor information, and incident response procedures. Security questions can be directed to security@aimedpad.com.