
Security and Compliance

1. How long will you maintain the data related to ambient_session_id?

We currently have 3 artifacts:

   1. Audio (input): 30 days
   2. Transcript (ASR output): 30 days
   3. Content (clinical note/recommendation): until the customer contract exists

2. How is data security handled within the Suki platform?

All data in transit is encrypted via TLS 1.2; data at rest is encrypted via AES-256 with Google services such as Cloud SQL and Google Cloud Object/Block Storage. Suki also uses Akamai WAF to protect edge traffic. In addition, Suki uses de-identified and anonymized data for model training purposes. Any data that is used for ML training and improving the product is de-identified. For audio, we use a de-identification algorithm that breaks audio into chunks and isolates them such that the original audio cannot be reconstructed. The generated transcript is de-identified by removing all PII.

3. How does the Suki Platform handle data encryption?

All data in transit is encrypted via TLS 1.2; data at rest is encrypted via AES-256 with Google services such as Cloud SQL and Google Cloud Object/Block Storage. Suki also uses Akamai WAF to protect edge traffic.

4. What measures are in place to protect patient privacy?

Clinicians gather consent from patients to use Suki. Suki is not a system of record for consent management between patients and clinicians. We sign BAAs with customers for the handling of patient data (PII).

As Suki’s partner, you are responsible for maintaining your patient consent policies governing collection, use and disclosure of Personal Data and for obtaining the necessary authorizations and consents before any Personal Data are made available to Suki. Suki’s Privacy Policy is here: Security policy.

We do not identify the clinician or the patient in the voice recordings. We diarize to distinguish different speakers without identifying them. Suki also does not create or retain any voice signatures. We use voice only for transcription and summarization of the notes. Hence, we do not consider the collection of voice recordings to be the collection of biometric information. These voice recordings are further de-identified by chunking the files. The text transcripts are de-identified to remove PHI and ensure that identification of individuals is not possible.

5. How does the Suki platform ensure compliance with relevant healthcare regulations?

Suki complies with HIPAA requirements, which ensures that data privacy laws are met.
