
Security & Compliance

Healthcare-Grade Security. Built In, Not Bolted On.

AIdMD is designed for regulated clinical environments with strong security, privacy, and governance controls.

HIPAA Compliant · SOC 2-Aligned · SMART on FHIR · HL7 FHIR R4

Security Pillars

HIPAA-Aligned Architecture

  • Business Associate Agreement (BAA) available to covered entities
  • Hosted on Microsoft Azure HIPAA-eligible services
  • Microsoft BAA in place for the underlying Azure services

Private AI Environment

  • Azure OpenAI used exclusively
  • PHI is not used for model training or fine-tuning
  • Tenant data isolation enforced

Controlled Data Handling

  • Clinical data is fetched from the EHR on demand and is not stored persistently
  • No persistent copy of medical records is kept
  • AI conversations are not persisted beyond the session by default

Auditability & Access Control

  • Role-based access control (RBAC)
  • Admin audit tooling and approval workflows
  • Audit logs retained for 6 years

Encryption & Authentication

  • TLS 1.2+ in transit · AES-256 at rest
  • Azure Key Vault for secrets management
  • SMART on FHIR launch via the OAuth 2.0 authorization code flow with PKCE
  • Access and refresh tokens discarded on logout or session end
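The bullets above name the mechanism without showing it. The following is an added example, not AIdMD's code, of what "OAuth 2.0 + PKCE" means in a SMART on FHIR launch: the client generates a code_verifier, sends its S256 code_challenge in the authorization request (together with the SMART-required aud parameter), and the authorization server later checks the presented verifier against the stored challenge. The endpoint URLs, client_id, redirect_uri and scope string are hypothetical placeholders; a real client discovers the endpoints from the FHIR server's .well-known/smart-configuration document.

```python
"""PKCE (RFC 7636) as used by the SMART App Launch authorization-code flow.

Added example, not AIdMD code. All endpoint and client values below are
hypothetical placeholders.
"""
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Hypothetical values; real ones come from the EHR's
# /.well-known/smart-configuration and the app registration.
FHIR_BASE = "https://ehr.example.org/fhir"
AUTHORIZE_ENDPOINT = "https://ehr.example.org/oauth2/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.org/callback"
# Read-only scopes only, matching a "start read-only" rollout.
READ_ONLY_SCOPE = "launch/patient patient/*.read openid fhirUser"


def _b64url(raw: bytes) -> str:
    """base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_code_verifier(num_bytes: int = 32) -> str:
    """Return a fresh high-entropy code_verifier.

    RFC 7636 s4.1: 43-128 characters from [A-Za-z0-9-._~]. Encoding
    32 random bytes gives 43 characters; 96 bytes gives 128.
    """
    if not 32 <= num_bytes <= 96:
        raise ValueError("num_bytes must be 32..96 to stay within 43-128 chars")
    return _b64url(secrets.token_bytes(num_bytes))


def code_challenge_s256(code_verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def build_authorize_url(code_challenge: str, state: str,
                        scope: str = READ_ONLY_SCOPE) -> str:
    """Client side: the SMART standalone-launch authorization request."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,  # bound to the user's session to stop CSRF
        "aud": FHIR_BASE,  # SMART requires aud = FHIR server base URL
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def server_verify_pkce(stored_challenge: str, stored_method: str,
                       presented_verifier: str) -> bool:
    """Server side: check at the token endpoint that whoever redeems the
    authorization code is the party that started the flow.

    The server stored code_challenge and code_challenge_method with the
    issued code; the token request carries code_verifier in the clear,
    which is safe because only its hash was ever sent over the front channel.
    """
    if stored_method != "S256":
        return False  # refuse the downgrade to the 'plain' method
    if not 43 <= len(presented_verifier) <= 128:
        return False
    recomputed = code_challenge_s256(presented_verifier)
    return secrets.compare_digest(recomputed, stored_challenge)


def round_trip() -> bool:
    """Client and server halves run end to end; True if the verifier checks out."""
    verifier = new_code_verifier()
    challenge = code_challenge_s256(verifier)
    state = secrets.token_urlsafe(16)
    build_authorize_url(challenge, state)  # user would be sent here
    return server_verify_pkce(challenge, "S256", verifier)


if __name__ == "__main__":
    v = new_code_verifier()
    print(build_authorize_url(code_challenge_s256(v), secrets.token_urlsafe(16)))
    print("round trip ok:", round_trip())
```

The point PKCE adds over a bare authorization code flow is visible in server_verify_pkce: an attacker who intercepts the redirect and captures the code still cannot redeem it without the verifier, which never left the client. A server that accepts the "plain" method or skips the length check gives most of that protection back.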

Deployment Options

Cloud Hosted (Recommended)

Fully managed on Azure (US regions). HIPAA compliant, BAA included. 99.9% uptime SLA. Daily backups with point-in-time recovery.

On-Premises

Deploy on your own infrastructure. Full data sovereignty. Custom configuration. Professional services included.

Conservative Deployment

Start read-only. Expand data access and workflow actions one at a time as your organization's governance process approves each one.

In Practice

Security that holds up to real scrutiny.

Compliance

Cleared IT security review in under two weeks.

Our IT team ran a full security review before approving any clinical AI tool. AIdMD had answers for every question — BAA, encryption, data handling, audit logs. We signed the BAA and were live within the same week.

Director of Clinical Informatics

Hospital-affiliated outpatient clinic

Days to full IT clearance, including BAA signing

6 years of audit log retention (HIPAA-compliant retention)

Deployment

Read-only by default — our governance team loved that.

We started with read-only access and expanded write capabilities feature by feature as our governance board approved each workflow. AIdMD's layered permission model matched exactly how we needed to roll this out.

CMIO, Multi-location specialty group

Enterprise deployment — SMART on FHIR

Weeks to go live (enterprise FHIR integration)

Actions require clinician sign-off: no AI writes without clinician approval

Have security questions?

Talk to our compliance team — we're happy to walk through our controls and answer your security questionnaire.
