Data Security
Clinician and patient trust is of the highest priority at Simcha AI. We hold ourselves accountable to a HIPAA-compliant data storage and processing protocol for all data captured and shared through our platform.
Internal Personnel Security
All Simcha AI employees are required to:
Undergo background checks before being hired.
Complete annual security awareness training on HIPAA, privacy, and information classification.
Compliance
Simcha AI conducts regular risk assessments to ensure policies remain up-to-date and relevant.
Secure Development Lifecycle
All software changes are reviewed for compliance.
Simcha AI practices infrastructure-as-code. All infrastructure changes are reviewed before deployment.
All engineers complete secure development practices training.
Cloud Hosting and Availability
All hosting services and data are stored and processed within Google and Microsoft Azure secure data centers.
Simcha AI has a HIPAA Business Associate Agreement with Google & Microsoft.
Simcha AI leverages Google & Azure’s high-availability infrastructure to ensure the data is always accessible.
Confidentiality and Data Encryption
All data is encrypted at rest and in transit using standard encryption schemes.
Vendor Management
All vendors who may process patient information are required to be HIPAA compliant and sign BAAs with Simcha AI.
Simcha AI regularly reviews vendor security practices to ensure continued high standards.
Artificial Intelligence
All AI models are HIPAA compliant and don’t retain data.
Protected health information is never used for AI training purposes.
Patient Information
Client information is encrypted at rest and in transit.
Client notes can be manually deleted at any time.
© Simcha AI Inc. 2024