Security & Privacy
Patient data is sensitive. We build Winglet with security and privacy as foundational requirements — not afterthoughts.
Built for healthcare security requirements
Winglet is designed to meet the security and compliance expectations of healthcare organizations handling protected health information.
HIPAA-aware design
Winglet is built with HIPAA compliance requirements in mind. Patient data handling follows established healthcare privacy standards.
Encrypted data in transit and at rest
All patient data is encrypted using industry-standard protocols both during transmission and while stored.
Access controls and audit trails
Role-based access controls ensure that users only see what they need to. Audit trails track access and actions for accountability.
Secure cloud infrastructure
Winglet runs on enterprise-grade cloud infrastructure with redundancy, monitoring, and security controls built in.
Business Associate Agreements
We execute BAAs with covered entities and business associates as required under HIPAA.
Staff oversight by design
AI-assisted workflows are designed with human review and approval steps — clinical teams remain in control of patient data and decisions.
Our approach to AI and patient data
Winglet uses AI to assist with intake routing, draft HPI preparation, and other workflow tasks. We believe AI in healthcare should augment clinical teams, not replace their judgment or operate without oversight.
Every AI-assisted workflow in Winglet is designed with human review and approval steps. Clinical staff review AI-generated drafts before they are used. No AI output is presented to patients or providers without a staff member having the opportunity to review and approve it first.
We do not use patient data to train external AI models. Patient data processed by Winglet is used only to deliver the services your practice has contracted for.