Millions of automations. Maximum security.

Thoughtful revolutionizes healthcare administration by automating tasks, ensuring efficiency, accuracy, and compliance. Our commitment lies in transforming healthcare operations with AI, aiming to optimize profitability and achieve operational excellence. This page provides an overview of our dedication to compliance and security, offering access to certifications, documentation, and high-level details on our strict control adherence.

Compliance & Monitoring

Infrastructure Security

  • We maintain our service infrastructure
  • We conduct regular backups of production data
  • Multi-factor authentication (MFA) is enforced on all systems
  • Firewalls and intrusion prevention and detection systems protect our network

Product Security

  • Data is encrypted both at rest and in transit
  • Vulnerability and system monitoring procedures have been established

Data and Privacy

  • Established privacy policy
  • Security awareness and privacy training

Organizational Security

  • All endpoints are encrypted
  • Anti-malware technology is utilized
  • Password policy is enforced
  • Security training is implemented
  • Contractors sign Confidentiality Agreements and BAAs
  • Production inventory is maintained
  • Employees acknowledge Confidentiality Agreements

Internal Security

  • Scanned for and remediated vulnerabilities
  • Tested the incident response plan
  • Processed access requests as required
  • Restricted production deployment access
  • Enforced change management procedures
  • Established a configuration management system
  • Provided an available support system
  • Established third-party agreements
  • Maintained cybersecurity insurance
  • Reviewed system capacity

Frequently Asked Questions

How does Thoughtful provide a bridge letter for SOC 2 Type II?

At Thoughtful, we understand the importance of maintaining continuous assurance of our security controls, especially during the interim period between our annual SOC 2 Type II audits. To address this, we provide a bridge letter, also known as a gap letter, upon request. This letter, prepared by our independent auditors, outlines any changes in our controls since the last audit and provides assurance that our controls continue to operate effectively. Please contact our Compliance Department if you require a bridge letter or have any further questions about our SOC 2 Type II compliance.

Does Thoughtful sign Business Associate Agreements (BAAs)?

Yes, Thoughtful is committed to supporting our healthcare clients in maintaining HIPAA compliance. As part of this commitment, we are willing to sign Business Associate Agreements (BAAs). A BAA is a legally binding document that outlines our responsibilities in handling and protecting your Protected Health Information (PHI). By signing a BAA, we assure you that we have the necessary safeguards in place to protect your PHI, and we accept accountability for any breaches in compliance. Please contact our Compliance Department to initiate the BAA process.

How does Thoughtful ensure the security of its automation modules?

At Thoughtful, we take the security of our modules very seriously. Each module operates within a secure environment with strict access controls. Data processed by our modules is encrypted both in transit and at rest, ensuring that your information is always protected. We also conduct security audits and vulnerability assessments to identify and address potential risks. Furthermore, our modules are designed to follow the principle of least privilege, meaning they only have access to the data and resources necessary to perform their tasks. This minimizes the potential impact of any security threats. Rest assured, the security of your data is our top priority.

Achieving Guaranteed Outcomes and ROI

Join leading healthcare providers and:

  • Collect more money, faster
  • Increase capacity with less headcount
  • Acquire and retain more patients
