Millions of automations. Maximum security.

Thoughtful AI revolutionizes healthcare administration by automating tasks, ensuring efficiency, accuracy, and compliance. Our commitment lies in transforming healthcare operations with AI, aiming to optimize profitability and achieve operational excellence. This page provides an overview of our dedication to compliance and security, offering access to certifications, documentation, and high-level details on our strict control adherence.

Compliance & Monitoring

Compliance

Documents

Request Docs

Infrastructure Security

  • We maintain our service infrastructure
  • We conduct regular backups of production data
  • Multi-factor authentication (MFA) is enforced on all systems
  • Firewalls and intrusion prevention and detection systems protect our network

Product Security

  • Data is encrypted both at rest and in transit
  • Vulnerability and system monitoring procedures have been established

Data and privacy

  • Established privacy policy
  • Security awareness and privacy training

Organizational Security

  • All endpoints are encrypted
  • Anti-malware technology is utilized
  • Password policy is enforced
  • Security training is implemented
  • Contractors sign Confidentiality Agreements and BAAs
  • Production inventory is maintained
  • Employees acknowledge Confidentiality Agreements

Internal Security

  • Scanned for and remediated vulnerabilities
  • Tested the incident response plan
  • Processed access requests as required
  • Restricted production deployment access
  • Enforced change management procedures
  • Established a configuration management system
  • Provided an available support system
  • Established third-party agreements
  • Maintained cybersecurity insurance
  • Reviewed system capacity

Frequently Asked Questions

How does Thoughtful AI provide a bridge letter for SOC 2 Type II?

At Thoughtful AI, we understand the importance of maintaining continuous assurance of our security controls, especially during the interim period between our annual SOC 2 Type II audits. To address this, we provide a bridge letter, also known as a gap letter, upon request. This letter, prepared by our independent auditors, outlines any changes in our controls since the last audit and provides assurance that our controls continue to operate effectively. Please contact our Compliance Department if you require a bridge letter or have any further questions about our SOC 2 Type II compliance.

Does Thoughtful AI sign Business Associate Agreements (BAAs)?

Yes, Thoughtful AI is committed to supporting our healthcare clients in maintaining HIPAA compliance. As part of this commitment, we are willing to sign Business Associate Agreements (BAAs). A BAA is a legally binding document that outlines our responsibilities in handling and protecting your Protected Health Information (PHI). By signing a BAA, we assure you that we have the necessary safeguards in place to protect your PHI, and we accept accountability for any breaches in compliance. Please contact our Compliance Department to initiate the BAA process.

How does Thoughtful AI ensure the security of its AI Workers?

At Thoughtful AI, we take the security of our AI Workers very seriously. Each AI Worker operates within a secure environment with strict access controls. Data processed by our AI Workers is encrypted both in transit and at rest, ensuring that your information is always protected. We also conduct security audits and vulnerability assessments to identify and address potential risks. Furthermore, our AI Workers are designed to follow the principle of least privilege, meaning they only have access to the data and resources necessary to perform their tasks. This minimizes the potential impact of any security threats. Rest assured, the security of your data is our top priority.

See why leading healthcare providers choose Thoughtful AI.

Get a Demo