ClearChart AI is Built for Security.

Security Protections.

Session Access Model

ClearChart.AI uses ephemeral, session-based access to ensure minimal exposure of sensitive information. Once a summary is viewed, access expires—and no data remains on our system. The session-bound model limits risk, supports compliance, and ensures ClearChart.AI can deliver secure, scalable access—without introducing unnecessary retention or exposure.
 

How It Works:
• OAuth2 + SMART on FHIR: Secure login and data access with standard scopes.
• Ephemeral Sessions: Access lasts only for the session; no data retained afterward.
• No Refresh Tokens Used: Sessions cannot be reactivated or extended.
• Scope-Constrained Retrieval: Only the data needed for the summary is accessed.

Architecture Overview

ClearChart.AI follows a modular, secure-by-design architecture that supports scalability, redundancy, and clear separation of logic, presentation, and data handling. Our architecture is designed to be secure, scalable, and integration-friendly—ready for review by enterprise IT and Epic security teams.
 

Key Architecture Elements:
• API-First Design: Built around SMART on FHIR with strict scope control.
• Stateless Infrastructure: Sessions are not cached or stored.
• Encryption Everywhere: TLS/HTTPS enforced across all layers.
• Role-Based Access Controls (RBAC): Admins can configure internal controls.
• Zero Write to Epic: The system reads from Epic but never writes back.
 

PHI Protections

Protecting PHI is core to how ClearChart.AI is built. From ephemeral access to zero storage, every design choice minimizes patient data exposure. ClearChart.AI protects patient data by design—meeting security expectations and enabling confident enterprise deployment.
 

PHI Safeguards:
• Read-Only Access: No modification of, or write-back to, EHRs.
• No Local Storage: Nothing is written to disk or reused after session ends.
• Short-Lived Tokens: Access windows are limited and controlled.
• De-Identified Feedback: CPV never collects or stores patient identifiers.
• Audit Logging: All access is time-stamped and auditable.
 

FAQs on Risk & Oversight

Common questions from compliance officers, security reviewers, and Epic teams—answered clearly.

FAQs:
• Does ClearChart.AI modify Epic data? → No. It uses read-only scopes.
• Is PHI stored or used for training? → No. All access is ephemeral and discarded.
• Can patients access summaries securely? → Yes. MyChart login is required for access.
• What audit controls are in place? → All access is logged, scoped, and time-bound.
• What happens after a session ends? → Access expires. No data is retained.
 

Security & HIPAA

ClearChart.AI is built for privacy from the ground up. The platform operates in a HIPAA-compliant environment and never stores or uses PHI for training. All data access is temporary, purpose-bound, and audit-controlled.
 

Privacy Highlights:
• HIPAA-Compliant Hosting: Encrypted at rest and in transit.
• No PHI Storage: ClearChart.AI accesses but does not retain patient data.
• No PHI Used for AI Training: Models are not exposed to patient-specific content.
• Session-Based Access Only: Data is retrieved and discarded per session—nothing persists.
• Built to Minimize Risk: Infrastructure and access models are designed to reduce exposure.
 

Full details on our Privacy Page.

ClearChart AI™, PAC DB™, CPV™, and APS™ are trademarks of CCAI Systems, LLC.  MyChart™ is Epic’s mark. 


Copyright © 2025 CCAI Systems, LLC.
