Compliance

Healthcare-grade, from day one.

Patient trust is the product. Medini is built with the controls, audits, and agreements clinics need to deploy AI on the front desk with confidence.

The pillars

Six things we get right.

The non-negotiables for any AI handling patient calls.

HIPAA-conscious architecture

Designed for protected health information from day one — not retrofitted onto a generic AI bot.

Encryption everywhere

Data encrypted in transit (TLS 1.2+) and at rest (AES-256). Strict access controls and key rotation.

Full audit logs

Every call transcribed, time-stamped, and reviewable. Nothing happens off the record.

Configurable PHI rules

You decide what Medini can discuss, what it must escalate, and what it should never repeat back.

Human escalation

Sensitive topics, urgent symptoms, or anything out of scope route to a real person — instantly.

BAA available

We sign Business Associate Agreements with clinic customers as part of standard onboarding.

Safeguards

Controls at every layer.

Access control

  • Role-based access for clinic staff
  • SSO and MFA supported
  • Per-call access logs

Infrastructure

  • Hosted on SOC 2-compliant cloud infrastructure
  • Encrypted backups with defined retention
  • Isolated tenant data — never shared across clinics

Data minimization

  • Only collect what the call requires
  • PHI never used to train shared models
  • Configurable retention windows

Incident response

  • Defined breach notification process
  • 24/7 monitoring and alerting
  • Regular third-party security review

Our commitment

Patient data is never the product.

We don't sell data. We don't use PHI to train shared models. We don't share recordings between clinics. Your patients' calls belong to your clinic — full stop.

At a glance

What we sign, what we ship.

  • BAA: Available at onboarding
  • Encryption: TLS 1.2+ in transit · AES-256 at rest
  • Hosting: SOC 2 Type II infrastructure
  • Audit logs: Every call, every action
  • Data residency: Configurable by region
  • Model training: Never on customer PHI

Bring it to your security team.

We'll send our security overview, sample BAA, and answer any questions your IT or compliance team has.