Security & compliance
Security and compliance for ASC data
Perivanta is built for HIPAA-regulated environments, with business associate agreements, encryption, access controls, audit logging, and a SOC 2 Type II roadmap ahead of general availability.
How we handle PHI
Business associate agreements
We operate under BAAs with the centers we work with. PHI handling responsibilities are contractual before any data moves.
Encryption everywhere
Data is encrypted in transit (TLS 1.2+) and at rest. Keys are managed through hardened cloud key-management services.
Least-privilege access
Role-based access controls on every surface, for our customers and for our own team. Production access is limited, logged, and reviewed.
Audit logging
Access to systems handling PHI is logged and auditable — who touched what, when, and why is answerable, not assumed.
Data minimization
We ingest what the platform needs to do its job and no more. De-identified or limited data sets are used wherever the work allows.
Tenant isolation
Each center’s data is logically isolated. One customer’s data is never used to answer another customer’s question without explicit agreement.
How we build with AI in a clinical business
Recommendations, not silent actions
Perivanta surfaces recommendations with the reasoning attached. Schedule, staffing, and billing decisions are made by your team — the platform doesn’t act unilaterally on clinical or financial workflows.
Customer-controlled data use
Customer data is used to serve that customer. Any broader use — benchmarking, model improvement — happens only under terms agreed in writing, with de-identification appropriate to the use.
Explainable recommendations
If the platform flags a block for release or a claim for review, you can see why the recommendation was made.
Our compliance roadmap
Current status:
- NowHIPAA-aligned architecture and operations: BAAs, encryption, access controls, audit logging, and workforce security practices as described above.
- RoadmapSOC 2 Type II examination ahead of general availability. We’ll publish the report’s availability here when it’s complete.
Security questions, disclosure reports, or diligence requests: scott@agenticmediasolutions.com. We respond to security reports as a priority.
Design partner program
Help build the system that decides what should happen next
We are selecting a small group of founding centers to shape the platform. Design partners get early access, direct input on the roadmap, and founding-partner terms.