Trust & security

Built for regulated
healthcare environments.

SOC 2 Type I SOC 2 Type II BAA-ready (HIPAA) 42 CFR Part 2 architecture Azure BAA

PHI security, audit-ready architecture, and flexible deployment, including programs with the strictest federal confidentiality requirements. All AI inference runs inside Microsoft Azure under a signed Business Associate Agreement. Patient data is never sent to external LLM APIs.

On request, we'll share our SOC 2 Type II report, security questionnaire responses, and customer references under NDA.

Request a BAA Request the SOC 2 report

Security & Privacy

  • SOC 2 Type I and Type II attestations completed
  • BAA-ready (HIPAA)
  • 42 CFR Part 2 architecture for SUD and behavioral health
  • All inference on Microsoft Azure under signed BAA. No patient data to external LLM APIs.
  • AES-256 encryption at rest, TLS 1.3 in transit
  • Role-based access, least-privilege design
  • Full access traceability and audit logging
  • Data residency: United States

Deployment Options

  • Cloud: US-based, Microsoft Azure
  • On-premise: for organizations requiring local infrastructure control
  • Hybrid: selective module placement
  • Phased rollout by department, facility, or workflow

HITRUST CSF roadmap

HITRUST CSF i1 certification targeted by Q1 2027. We track readiness publicly and will publish the certification status on this page when achieved.

AI disclosure

How Adentris uses AI, in plain language.

Adentris uses generative AI to draft prior authorizations, draft appeals, draft discharge summaries, and surface coding and documentation gaps. The output is always a draft for a licensed clinician or compliance professional to review, edit, and approve. AI does not make final clinical or coverage decisions.

Human in the loop

Every AI-generated artifact (PA packet, appeal letter, discharge summary, coding suggestion) is presented to a credentialed user for review before submission. Adentris does not auto-submit clinical documents on the user's behalf.

Provenance and traceability

Every AI output records the source chart snippets it drew from, the rule or guideline it referenced, the model version that generated it, and the user who reviewed and approved it. Audit logs are exportable.

State-law disclosures

We comply with California SB 1120 (provider notice of AI use in coverage decisions), AB 3030 (generative-AI disclosure on patient communications), Texas TRAIGA, and the New York AI Companion Law where applicable. Module pages with AI-touchpoint disclosures link back to this section.

Data we send to model providers

All inference runs inside Microsoft Azure under a signed BAA, using Azure OpenAI Service or Adentris-owned models. Patient data is never sent to consumer OpenAI, Anthropic, or Google APIs. The current model inventory is available on request via security@adentris.com.

Bias monitoring

Documentation QA and Coding QA outputs are monitored for differential miss rates across patient demographic groups in customer-specific dashboards. Findings drive prompt updates and rule revisions; methodology is shared with each customer's clinical leadership.

Opt-out by workflow

Customers can disable AI generation per module, per facility, or per care setting. Adentris will continue to surface rule-based findings without AI involvement where the customer chooses.

Request a BAA

Get a signed BAA in 24 hours.

Mutual NDA and BAA available before any data is shared. We use a one-page mutual NDA template. The BAA covers AI inference under Microsoft Azure.

Goes to sales@adentris.com. Response under one business day.