Trust Center

Security, privacy, and governance by design.

AcuityAI is built for clinical environments where auditability, access control, and deployment governance are non-negotiable.


Security

Designed for hospital security and IT operations.

Data in transit

All data transmitted between components is encrypted using industry-standard protocols.

Data at rest

Clinical data is encrypted at rest with configurable storage boundaries per deployment.

Access control

Role-based access control (RBAC) governs who can view, modify, or export data at every layer.

Network security

Deployment models support isolated network configurations aligned to hospital IT requirements.

Data handling

Clear boundaries. Configurable policies.

Ingestion boundary

Data enters AcuityAI only through defined capture workflows — no unstructured ingestion.

Storage scope

Clinical data is stored only within configured boundaries; retention policies are configurable per deployment.

Data minimization

Only data required for the defined clinical workflow is captured and processed.

De-identification

De-identification and pseudonymization options are available for analytics and reporting use cases.

Audit logging & traceability

What happened, when, and why — across the full pipeline.

Every capture event is timestamped and attributed to a device and session.

FHIR resource creation and updates are fully logged with version history.

Scoring invocations record input data, model version, and output with timestamps.

OpenEMR workflow deliveries are logged with encounter context.

Admin actions (configuration changes, access grants) produce immutable audit records.

Model governance

AI that is traceable, monitored, and governed.

Model versioning

Every scoring model is versioned. Each score output is linked to the exact model version that produced it.

Behavioral monitoring

Scoring behavior is continuously monitored for drift, missingness, and outlier patterns.

Human oversight

Clinical escalation pathways ensure AI outputs are reviewed by clinicians before consequential actions.

Change control

Model updates go through a controlled release process with validation gates before production deployment.

Access control

Role-based access, built in from the start.

Every user, device, and service operates with the minimum permissions required. Access is governed by role, enforced at every layer, and logged for audit.

Clinical staff — patient data access scoped to active encounters

Operators — workflow and dashboard access only

Administrators — configuration and access management

Devices — capture-only permissions with session-bound tokens

Audit reviewers — read-only access to logs and traces

Questions about security or compliance?

Talk to our team about your deployment environment and requirements.
