Designed to support HIPAA-aligned workflows.
CliniLoom is built so clinical staff stay in control of every patient-affecting action. We position ourselves as a workflow layer for administrative work — not as an autonomous clinical decision-maker.
HIPAA-designed. SOC 2 Type II and ISO 27001 certified.
CliniLoom is designed to be HIPAA compliant and operates under a Business Associate Agreement (BAA v1.2, available since January 2024) with every customer processing PHI. Our primary data center is SOC 2 Type II certified (March 2025) for security, availability, and confidentiality controls, and ISO 27001 certified (June 2025) for its information security management system. Reports and certificates are available under NDA.
Human-reviewed workflows
AI prepares the work — staff approve, edit, or reject before anything reaches a patient or payer.
Clinical-sensitive items route to providers; administrative items route to staff with the right permissions.
Urgent clinical concerns surface to a clinician within minutes, with a clear audit trail of who was notified.
CliniLoom never auto-sends messages, auto-submits PAs, or auto-signs notes.
No autonomous clinical decision-making
CliniLoom does not diagnose, prescribe, code claims, or finalize clinical documentation on its own. Every output is a draft attached to a reviewable record with sources, a confidence indicator, and required reviewer roles.
- No diagnostic determinations
- No automatic prescribing or refill approval
- No automatic claim submission
- No autonomous sending of patient communication
Audit logs
Every AI draft, every human action, and every system event is captured with timestamp, actor, entity, and source references. Clinic admins can export audit logs as CSV or JSON for internal compliance review and incident response.
- Per-entity audit trail (intake packet, message, PA, note, code review)
- Actor identity and role at the time of action
- AI source references retained alongside outputs
- Configurable retention windows on Enterprise
Staff-controlled patient communication
Patient-facing drafts require explicit human approval — no scheduled auto-sends.
Drafts adopt clinic templates and tone. Edits are tracked side-by-side with the original draft.
The final sent text, sender, and recipient are retained in the patient timeline.
Administrative support boundaries
CliniLoom supports the administrative side of clinic operations: intake, triage, prior authorization preparation, follow-ups, note assembly, and coding documentation review. Clinical judgment, prescribing, and the decision to send always belong to the clinic.
Ready to review the details?
Request our security one-pager, the BAA template, and a walkthrough of the audit log.