Security & Compliance
Built for the trust healthcare demands
Patient data protection and clinical safety governance are first-class — not bolted on. Here's how CareGuard is designed.
Safety you can audit, not just trust
CareGuard's defining control is that triage urgency is decided in code, not in a prompt. The model extracts symptoms; a fixed, reviewable classifier makes the call. That means your clinical governance team can read, test, and sign off on exactly how the system behaves.
Reviewable rules
The red-flag list and thresholds are explicit code your team can inspect.
Deterministic decisions
The same symptoms always produce the same urgency — no drift.
Conservative bias
When uncertain, the system escalates up, never down.
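The split described above, as an added example that is not CareGuard's own code: the model's extraction is treated as untrusted input, and a fixed rule set alone decides urgency and returns which rules fired. The symptom names, the `temperature_c` field, the fever threshold and the record layout are all constructed assumptions for illustration.

```python
from enum import IntEnum

class Urgency(IntEnum):
    ROUTINE = 0
    URGENT = 1
    EMERGENCY = 2

# Constructed placeholder rules, for illustration only.
RED_FLAGS = frozenset({"chest_pain", "difficulty_breathing"})
KNOWN_SYMPTOMS = RED_FLAGS | {"fever", "cough", "headache"}
FEVER_URGENT_C = 39.0  # constructed threshold

def _record(level, fired, reasons):
    # Shape of the audit entry: the decision plus exactly what triggered it.
    return {"urgency": level.name, "red_flags": fired, "escalations": reasons}

def classify(extraction):
    """Decide urgency from model-extracted fields using fixed rules only."""
    symptoms = extraction.get("symptoms") if isinstance(extraction, dict) else None
    if not isinstance(symptoms, list) or not symptoms:
        # Nothing usable came back from extraction: escalate, never default down.
        return _record(Urgency.URGENT, [], ["unusable_extraction"])
    names = sorted({str(s) for s in symptoms})  # order-independent, stable output
    level, fired, reasons = Urgency.ROUTINE, [], []
    for name in names:
        if name in RED_FLAGS:
            fired.append(name)
            level = max(level, Urgency.EMERGENCY)
        elif name not in KNOWN_SYMPTOMS:
            # Unrecognised term: the rules cannot vouch for it, so escalate.
            reasons.append("unknown_symptom:" + name)
            level = max(level, Urgency.URGENT)
    if "fever" in names:
        temp = extraction.get("temperature_c")
        if isinstance(temp, bool) or not isinstance(temp, (int, float)):
            reasons.append("fever_without_temperature")
            level = max(level, Urgency.URGENT)
        elif not temp < FEVER_URGENT_C:  # also escalates NaN readings
            reasons.append("fever_at_or_over_threshold")
            level = max(level, Urgency.URGENT)
    # Any other field the model supplied (e.g. its own "urgency") is never read.
    return _record(level, fired, reasons)
```

Because the function has no randomness and reads only whitelisted fields, the same extraction always yields the same record, and a governance reviewer can test every branch directly.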
Data protection
How we handle patient data
Encryption in transit & at rest
All traffic is served over TLS, and patient data is encrypted at rest in your database.
Scoped access & SSO
Role-based access for your team, scoped API keys, and SSO on Enterprise plans.
Full audit logging
Every triage decision — including which red flags fired — is recorded and reviewable.
Your database, your control
Runs on any standard Postgres you own. Data residency stays where you put it.
HIPAA-aligned
Enterprise plans include a BAA and controls aligned to HIPAA requirements.
Least-data by design
The assistant collects only what intake needs — no diagnosis, no medication advice.
This site is a demonstration product and not a medical device. Production deployments are configured to your organization's specific compliance requirements.
Talk to us about your compliance needs
Deploy safe, guided intake and triage in a day. Keep clinical judgment with your team.