Security & Compliance

Is this HIPAA-safe and controllable?

Short answer: yes, with clear controls your office can verify quickly. This page is built as a 2-minute trust checklist for cautious office managers.

30-second summary for your owner/physician:

Stonaris drafts with AI, your team approves before submission, and every claim action is logged and exportable.

2-minute office manager checklist

If you can answer these five questions confidently, your team can safely run PHI-sensitive denial workflows.

Can we control who sees PHI?

Yes. Access is role-based and MFA can be enabled for account security.

Can we review who changed a claim?

Yes. Each claim has an audit trail with who acted, what changed, and when.

Are AI outputs controlled by humans?

Yes. All appeal content is AI-generated and clearly marked as a draft. You must review and approve before submitting.

Is data protected in transit and at rest?

Yes. HTTPS protects all traffic. Database encryption at rest is enabled in production.

Can we get a BAA in place?

Yes. You sign a BAA electronically during onboarding before uploading any patient data.

AI responsibilities vs human responsibilities

  • AI drafts denial analysis and appeal language.
  • Your team reviews and approves before anything is submitted.
  • Submission history and claim audit trail remain visible for accountability.

BAA signing process

Every practice signs a Business Associate Agreement during onboarding, before any protected health information enters the platform.

  1. Create your account and begin onboarding.
  2. Review the BAA terms and sign electronically with the built-in signature pad.
  3. Your signed BAA is stored securely. You can then proceed to upload claims and denial documents.