We're Undergoing Our SOC 2 Audit
Patient privacy shaped Around Notes from day one. We passed external HIPAA review; now we're in our SOC 2 Type I and Type II audit. In healthcare, trust should be earned, not assumed.
We're currently undergoing our SOC 2 Type I and Type II audit at Around Notes!
Privacy From Day One
As a physician, patient privacy was drilled into me from day one on the wards. That mindset shaped how I built Around Notes from the moment I hired our first developer. I always tell my team, "Don't break my app, and don't break HIPAA!"
Where We Stand
We underwent external review of our HIPAA compliance and security posture long ago and passed. Now we're undergoing our SOC 2 Type I and Type II audit as another step in strengthening protection for patient and user data.
The Unglamorous Work
This is the unglamorous work: controls, policies, access reviews, documentation, and outside scrutiny. Good. In healthcare, trust should be earned, not assumed. Not everything in healthcare is as cool as what you see on The Pitt, but the job (of patient privacy) must be done.
SOC 2 does not magically make a company good, and plenty of people toss the acronym around like it is a personality trait. But it does force rigor. It forces accountability. And for a company like ours, that matters.
Healthcare AI should not just be fast and impressive. It should be governed like it belongs there and must be safe for all involved.
About the Author
Dr. Micheal Massoud
Founder & Hospitalist | Wharton EMBA
Physician, founder, and Wharton Executive MBA candidate with roots in military medicine and a mission to make healthcare human again. Former Air Force officer who practiced hospital medicine across the globe and founded Around Notes—an AI-driven platform that helps hospitalists write better notes, faster. At Wharton, I'm bridging healthcare, technology, and leadership to create tools that amplify clinicians, not replace them.