Data handling
Protected data stays inside controlled workflows with private infrastructure, encryption in transit and at rest, and access restricted to authorized roles.
Trust Center
Security, expert review layers, and HIPAA-conscious workflows for teams that need confidence before they commit.
Designed for
Expert-led operations
Trust controls are built around the reality that AI output is reviewed and refined by experienced specialists before the next team depends on it.
Structured around
Scoped access and accountability
Access, review, and operational handoffs are organized so diligence conversations stay concrete.
Available for
Security and compliance review
We support buyer questions around data handling, workflow controls, review responsibilities, and operational posture.
Our Security Philosophy
At Anot Health, security isn't a feature - it's the foundation of our platform. We understand the critical nature of Protected Health Information (PHI) and have built our systems to exceed industry standards for healthcare data protection.
SOC 2 Type II
Independently audited for security, availability, and confidentiality.
Encryption
AES-256 at rest and TLS 1.3 in transit to help keep your data protected throughout the workflow.
1. Business Associate Agreement (BAA)
Anot Health enters into a standard Business Associate Agreement with every provider and healthcare organization we serve. This agreement outlines our shared responsibilities in protecting patient data under HIPAA regulations.
2. Access Controls
We implement strict Least Privilege Access (LPA) policies. Only authorized clinical documentation experts and seasoned specialists have temporary, audited access to de-identified notes solely for the purpose of clinical verification.
3. AI Safety & Privacy
Your clinical data is never used to train public AI models. Our proprietary models are hosted in private, HIPAA-eligible virtual clouds, ensuring that your patient conversations and chart data remain within your secure environment.
4. Infrastructure Security
- Private Cloud: Dedicated instances for clinical processing.
- Audit Logs: Comprehensive logging of every data access event.
- Data Residency: All data is stored and processed within the United States.
5. Security Inquiries
For a copy of our SOC 2 report or to perform a security audit of our platform, please reach out to our team at admin@anot.health.
What buyers usually need to know before moving forward
This is the practical trust layer behind the platform, translated into the questions operations, compliance, and leadership teams actually ask.
Expert review model
Our experienced clinical experts are part of the operating design, not an afterthought. Access is scoped, audited, and tied to the specific work required for quality review.
Operational safeguards
Audit logs, least-privilege controls, and formal agreements help keep the workflow accountable from intake through delivery.
Security review support
We can support diligence conversations, security review requests, and documentation needs as part of enterprise or practice evaluation.
How the trust posture shows up in real operations
Enterprise and multisite teams usually need more than policy language. They need to understand how the control model behaves inside the workflow itself.
Data handling posture
Protected data moves through controlled infrastructure, encrypted transport paths, and restricted workflow boundaries designed for healthcare operations.
Expert access governance
Expert review is tied to specific operational work, with scoped access, traceability, and oversight rather than broad undefined exposure.
Validation quality layer
The trust model is not only about storage and access. It is also about whether reviewed output is safer for providers, coders, billers, and finance teams to use next.
Auditability
Operational and access events can be discussed in review conversations so buyers understand how accountability is maintained over time.
Risk-aware deployment
Implementation planning considers where risk sits in the workflow and how controls need to support the people making real downstream decisions.
Diligence support
Security, privacy, and operational stakeholders can use the Trust Center as a starting point and continue the review with a tailored conversation.
What we help teams evaluate
The questions behind most enterprise and practice diligence reviews
- How PHI is handled across capture, processing, review, and delivery
- How clinical experts access work and what governs that access
- How auditability, encryption, and operational controls fit together
- How the workflow reduces risk instead of shifting it to the next team
- How implementation and support teams handle trust questions during rollout
How review usually works
1. Initial fit review
We understand the services in scope, the workflow risk areas, and which stakeholders need trust answers early.
2. Security and compliance discussion
We align on data handling, infrastructure posture, expert review controls, and documentation needs for the buyer team.
3. Operational walkthrough
We connect trust controls to the real workflow so operations, leadership, and compliance teams can evaluate the model together.
A practical path through security review
This is the sequence many buyer teams follow when they need to evaluate both the workflow model and the safeguards around it.
01
Scoping
Define the workflow in scope
We identify which services, data paths, review roles, and system handoffs need to be evaluated first.
02
Diligence
Review controls and responsibilities
Security, compliance, and operations teams align on how data handling, access, auditability, and review oversight are managed.
03
Validation
Map safeguards to the actual workflow
We show how trust controls support the operating model, not just the legal model, so buyers can evaluate real downstream impact.
04
Launch planning
Carry the trust posture into rollout
Implementation and review plans are aligned so operational teams are not left translating trust requirements on their own.
What we can bring into a trust review
Buyer teams usually need more than one answer. We help connect technical safeguards, operating controls, and implementation expectations in one review path.
Core platform safeguards
- Encryption in transit and at rest
- Private infrastructure for clinical processing
- Auditability around access and workflow events
Expert review controls
- Scoped access tied to actual verification work
- Role-based handling instead of broad undefined exposure
- Workflow accountability from intake through delivery
Diligence support for stakeholders
- Trust conversations for compliance, IT, and operations
- Implementation framing for workflow-specific risk
- Follow-up review support before rollout decisions
Questions security and operations teams often ask
These are common diligence questions when buyers are evaluating whether the trust model will stand up in practice.
How does expert review fit into a HIPAA-conscious workflow?+
Expert review is built into the workflow deliberately, with scoped access, traceability, and role-based handling rather than informal review outside the system.
Is buyer diligence limited to legal documents alone?+
No. We treat trust review as both a compliance conversation and an operational conversation so the buyer team can understand how safeguards behave in the real workflow.
Can trust review happen before a full implementation decision?+
Yes. Many teams want to review security posture, data handling, and human validation controls before committing to a wider rollout discussion.
Do you help align trust review with different stakeholder groups?+
Yes. Operations, compliance, IT, leadership, and finance often care about different parts of the workflow, so we help frame the review in language each group can use.
Need a trust review before the full product discussion?
We can start with the safeguards, the workflow controls, and the diligence questions your team needs answered first.