Healthcare security is complicated.
BastionGPT makes it easy.
Our Approach
Our team culture and operations are centered around maintaining customer trust, which is our utmost priority. We uphold this commitment by placing cybersecurity at the core of all our operations, employing a defense-in-depth strategy and aligning with NIST standards. We adhere to best-in-class security practices, which ensure that chat history and customer data are processed, stored and handled in alignment with HIPAA regulations.
Risk Assessment and Vulnerability Scans
To protect your data from evolving cybersecurity threats, we conduct internal risk assessments. These assessments are performed regularly and include a trusted 3rd party review of code for security flaws after every major code modification. Our services maintain an A+ rating with SecurityScorecard.
Penetration Tests and Code Reviews
To ensure the highest level of security, we perform regular 3rd party penetration tests. These tests are designed to detect potential vulnerabilities and enable us to strengthen our defense measures. We also conduct static code reviews during every code deployment to further scrutinize our codebase for any potential threats or vulnerabilities that might go undetected in a dynamic analysis.
Data Access and Control
Access to information submitted to BastionGPT is limited to trained individuals with a need to know, and always according to the principle of least privilege. Chat history is stored within the BastionGPT secure cloud and is deleted after 30 days. It is only accessed when needed to uncover abuse or resolve a technical problem.
To ensure the security of your information, the BastionGPT team does not provide 3rd party access to sensitive customer information, such as any PHI or PII, apart from Microsoft. BastionGPT has the requisite HIPAA BAA and security assurances in place with Microsoft to ensure your information remains secure.
Chat history is not provided to OpenAI, and is not used to develop future models of ChatGPT.
Security History
Our company takes pride in our intense focus on cybersecurity and has not fallen victim to any breaches of security. Our steadfast commitment to rigorous security protocols and preventative measures has proven to be effective in safeguarding our systems and data.
Trust and Compliance Portal