Skip to content

Security & compliance

Security and compliance for ASC data

Perivanta is built for HIPAA-regulated environments, with business associate agreements, encryption, access controls, audit logging, and a SOC 2 Type II roadmap ahead of general availability.

How we handle PHI

Business associate agreements

We operate under BAAs with the centers we work with. PHI handling responsibilities are contractual before any data moves.

Encryption everywhere

Data is encrypted in transit (TLS 1.2+) and at rest. Keys are managed through hardened cloud key-management services.

Least-privilege access

Role-based access controls on every surface, for our customers and for our own team. Production access is limited, logged, and reviewed.

Audit logging

Access to systems handling PHI is logged and auditable — who touched what, when, and why is answerable, not assumed.

Data minimization

We ingest what the platform needs to do its job and no more. De-identified or limited data sets are used wherever the work allows.

Tenant isolation

Each center’s data is logically isolated. One customer’s data is never used to answer another customer’s question without explicit agreement.

How we build with AI in a clinical business

Recommendations, not silent actions

Perivanta surfaces recommendations with the reasoning attached. Schedule, staffing, and billing decisions are made by your team — the platform doesn’t act unilaterally on clinical or financial workflows.

Customer-controlled data use

Customer data is used to serve that customer. Any broader use — benchmarking, model improvement — happens only under terms agreed in writing, with de-identification appropriate to the use.

Explainable recommendations

If the platform flags a block for release or a claim for review, you can see why the recommendation was made.

Our compliance roadmap

Current status:

  • NowHIPAA-aligned architecture and operations: BAAs, encryption, access controls, audit logging, and workforce security practices as described above.
  • RoadmapSOC 2 Type II examination ahead of general availability. We’ll publish the report’s availability here when it’s complete.

Security questions, disclosure reports, or diligence requests: scott@agenticmediasolutions.com. We respond to security reports as a priority.

Design partner program

Help build the system that decides what should happen next

We are selecting a small group of founding centers to shape the platform. Design partners get early access, direct input on the roadmap, and founding-partner terms.