Trust

Security & HIPAA

Omni ClinAIde is built for clinical environments. Here's how we protect the data entrusted to the platform.

Encryption Everywhere

TLS 1.2+ for all data in transit. AES-256 encryption at rest for the database and storage.

Row-Level Security

Row-level security (RLS) policies are enabled on every database table, so a query executed on behalf of a user can read or modify only the records that user owns. The filtering is applied by the database itself, not only by application code, so a bug in an API handler cannot widen what a user can see.

Strong Authentication

Industry-standard email/password and OAuth flows with secure session tokens. Admin approval required for new clinical accounts.

Audit Logging

Sensitive actions — admin changes, role grants, case access — are recorded in an append-only audit log.

De-identified by Design

The platform is built around de-identified clinical scenarios. Direct patient identifiers (name, MRN, SSN) must not be entered.

Vendor Diligence

AI providers (Google, OpenAI, Anthropic) are accessed through enterprise APIs with training-on-data disabled where contractually available.

HIPAA Posture

Omni ClinAIde is designed to be used with clinical data de-identified under the standard at 45 CFR § 164.514 and is not intended to receive Protected Health Information (PHI) as defined in 45 CFR § 160.103. Users are required to acknowledge a PHI gate before accessing the application and to omit direct patient identifiers from all case input.

For organizations requiring a Business Associate Agreement (BAA) for use with identified PHI, please contact us — enterprise deployments with BAA coverage are available on request.

Infrastructure

  • Hosted on cloud infrastructure whose provider holds a SOC 2 Type II attestation (SOC 2 is an auditor's attestation report rather than a certification, and the provider's report covers the hosting layer, not this application).
  • Database protected by Postgres row-level security (RLS) on every table.
  • Edge functions run in isolated, serverless containers with no shared state.
  • Secrets and API keys stored in an encrypted vault — never in source code.
  • Automatic daily backups with point-in-time recovery.

Access Control

  • Clinician accounts require explicit administrator approval before activation.
  • Role-based access (admin / clinician) enforced at the database level.
  • Sessions use short-lived tokens with automatic refresh and logout.
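The following is an added example, not the platform's own schema or policy set, showing how the owner-only row-level security described under Row-Level Security and the database-enforced admin/clinician roles listed under Access Control are typically expressed in Postgres. The table, column, role and function names (cases, user_roles, app_user, current_app_user, is_admin) and the app.user_id session setting are assumptions for illustration.

```sql
-- Added example (not the platform's own schema): Postgres row-level security
-- with an owner-only policy for clinicians and a read-only policy for admins.
-- All names below (cases, user_roles, app_user, app.user_id) are assumptions.

CREATE ROLE app_user NOLOGIN;            -- role the application connects as

CREATE TABLE cases (
    id          bigserial PRIMARY KEY,
    owner_id    uuid NOT NULL,           -- authenticated user who created the case
    scenario    text NOT NULL,           -- de-identified clinical scenario text
    created_at  timestamptz NOT NULL DEFAULT now()
);

CREATE TABLE user_roles (
    user_id uuid PRIMARY KEY,
    role    text NOT NULL CHECK (role IN ('admin', 'clinician'))
);
-- No GRANT on user_roles for app_user: clients cannot read or edit roles
-- directly; only the SECURITY DEFINER function below can consult the table.

-- The application sets the caller's identity once per transaction, e.g.
--   SET LOCAL app.user_id = '<uuid from the verified session token>';
-- The policies read that setting; nothing in the request body is trusted.
CREATE FUNCTION current_app_user() RETURNS uuid
LANGUAGE sql STABLE AS $$
    SELECT nullif(current_setting('app.user_id', true), '')::uuid
$$;

CREATE FUNCTION is_admin() RETURNS boolean
LANGUAGE sql STABLE SECURITY DEFINER AS $$
    SELECT EXISTS (
        SELECT 1 FROM user_roles
        WHERE user_id = current_app_user() AND role = 'admin'
    )
$$;

-- ENABLE turns RLS on; FORCE applies it to the table owner as well, so a
-- migration or maintenance connection does not silently bypass the policies.
-- With RLS enabled and no matching policy, every row is denied by default.
ALTER TABLE cases ENABLE ROW LEVEL SECURITY;
ALTER TABLE cases FORCE ROW LEVEL SECURITY;

-- Clinicians: only rows they own, for every command. USING filters what is
-- visible; WITH CHECK stops an INSERT or UPDATE from placing a row under
-- someone else's owner_id (the classic "reassign the record to myself" bug).
CREATE POLICY cases_owner ON cases
    FOR ALL
    TO app_user
    USING (owner_id = current_app_user())
    WITH CHECK (owner_id = current_app_user());

-- Admins: read every row for review, but no blanket write access. Policies
-- are permissive, so this ORs with cases_owner for an admin's own rows.
CREATE POLICY cases_admin_read ON cases
    FOR SELECT
    TO app_user
    USING (is_admin());

-- Table privileges are still required; RLS then filters each statement.
GRANT SELECT, INSERT, UPDATE, DELETE ON cases TO app_user;

-- Sanity check as a non-admin user (run inside one transaction):
--   BEGIN;
--   SET LOCAL ROLE app_user;
--   SET LOCAL app.user_id = '00000000-0000-0000-0000-000000000001';
--   SELECT count(*) FROM cases WHERE owner_id <> current_app_user();  -- 0
--   UPDATE cases SET owner_id = '00000000-0000-0000-0000-000000000002';
--   -- fails the WITH CHECK: "new row violates row-level security policy"
--   ROLLBACK;
```

Two points are worth checking in any deployment that makes the claim on this page: that every table with user data has ENABLE (and ideally FORCE) ROW LEVEL SECURITY set, since a table without it is fully readable by any role holding SELECT; and that write policies carry a WITH CHECK clause, since USING alone filters reads but does not stop a user from inserting or updating rows into another owner's scope.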

Responsible Disclosure

Found a security issue? We appreciate responsible disclosure. Please email security@omniaigi.com with details and steps to reproduce. We commit to acknowledging valid reports within 5 business days.

Compliance Roadmap

We are actively working toward formal SOC 2 Type II attestation and a HIPAA compliance program suitable for enterprise clinical deployments. For current status or to request our security questionnaire, contact security@omniaigi.com.