Vosaic’s HIPAA Compliance

Some classroom, counseling, medical simulation, or therapy videos may contain sensitive information about students or clients. Vosaic is built to protect that information and support your compliance with HIPAA when PHI is involved.

Here’s what HIPAA compliance means in the context of using Vosaic:

1. Your institution stays fully in control of all protected health information.

We only use PHI to operate the platform and support your programs. We never use, share, or repurpose that data for any other reason.

2. Vosaic signs Business Associate Agreements (BAAs) when needed.

If your videos include PHI, Vosaic will enter into a BAA that outlines exactly how PHI is protected and how it can be used.

3. Only authorized personnel can access videos or PHI.

Access is fully controlled by your institution. Vosaic provides role-based permissions, SSO/LTI, and audit logs so you can restrict and track who sees what.

4. All data is encrypted and protected using industry-standard security controls.

Videos and PHI are encrypted during upload, download, analysis, and storage. We use secure AWS infrastructure, enforce strict internal access controls, and follow secure development and incident-response processes.

5. Vosaic does not redisclose PHI to anyone.

We never share your videos or information with third parties unless you explicitly direct us to do so.

6. We do not use any PHI, videos, or customer data to train AI or machine-learning models.

AI Mate analyzes only the content you upload for your own educational purposes. No student, client, or patient data is ever added to model training sets or reused outside your environment.

7. Institutions control retention and deletion.

You can delete videos, users, and PHI-containing content at any time. When a contract ends, Vosaic securely deletes all customer data following documented procedures.

8. Vosaic supports your HIPAA obligations without interacting with patients directly.

If your policies require access, auditing, or deletion of PHI, Vosaic works with your institution to fulfill those requests—never with patients or clients directly.