Independence, privacy, and security by design
ChatCME protects the independence of accredited CME, minimizes data, and secures your programs end to end. Retrieval stays inside the activity, answers cite sources, and analytics are de‑identified for supporters.
Independence in CME
What we guarantee
- Providers control content, objectives, scope, and guardrails
- Retrieval is scoped to the accredited activity and approved sources only
- Every answer includes citations to the exact passage, slide number, or timestamp
- The assistant declines when evidence is insufficient or out of scope
Boundaries for supporters
- Supporters receive aggregated, de‑identified insights only
- No learner‑level reporting to supporters
- No editorial control or configuration access for supporters
Governance you control
Role‑based access for Admin, Editor, Analyst
Publication approvals
Reviewer identity and time tracked
Immutable audit logs
For configuration and reprocessing
Privacy by design
Data minimization
No PHI required for typical CME use. Sessions tracked with pseudonymized user hash
De‑identified analytics
Portfolio trends and objective coverage at aggregate levels
Exports with transparency
CSV export includes message-level fields with pseudonymized user hash
Retention and deletion
Configurable per tenant. Data can be deleted or exported for archiving
Export fields
CSV export includes: message_id, session_id, program_id, pseudonymized user_hash, objective_id, objective_label, alignment_label, alignment_score, timestamp, and cited slide number or video timecode when available.
Security controls
Encryption and key management
TLS in transit and AES‑256 at rest. Keys managed via secure KMS
Access and identity
Role‑based access with least privilege. Multi‑factor authentication for staff accounts
Monitoring and resilience
Centralized logging and alerting. Backups and disaster recovery. Horizontal scaling
Vulnerability and change management
Regular dependency scanning. Controlled releases. Incident response runbooks
Retrieval guardrails and accuracy
Program‑scoped retrieval
Indexing and search restricted to the active activity. Domain allowlists prevent cross‑program leakage
Citation‑first answers
Factual statements include citations that open the exact source passage, slide number, or timestamp
Decline when uncertain
If grounded evidence is not found, the assistant defers and offers primary sources
Objective alignment
Each learner message classified to stated objectives with confidence scoring. Editors can review and override
Multi‑tenant isolation
Strong isolation
Tenant scoping keys at the org, app, and program levels. Per‑tenant boundaries enforced in storage and retrieval
No model training on your content without written permission
Customer content is not used to train foundation models by default. Evaluations and tuning use de‑identified or synthetic samples unless you opt in
Authentication and SSO
Embed security
HMAC‑signed request with time‑bound validity. Domain allowlist and hostname validation. CORS and CSP compatible setup
Single sign‑on
JWT claims support sub, iss, exp, iat, and aud. Short token lifetimes with refresh via update calls
Rate limits
Adaptive rate limiting per client and per user to protect performance
Compliance posture
HIPAA safeguards
Available under a Business Associate Agreement when PHI is processed. Administrative, physical, and technical safeguards, plus breach notification within required timeframes
SOC 2 alignment
Controls aligned to Security, Availability, Confidentiality, Processing Integrity, and Privacy. Access control, vulnerability management, logging, incident response, continuity and recovery
CME independence
Language, policies, and technical controls that preserve independence for accredited CME. Supporters receive de‑identified aggregates only
Vendor and third‑party risk
- Vendor due diligence and contractual data protection terms
- Subprocessor inventory available on request
- Subcontractor BAAs when PHI is in scope
Transparency for editors and analysts
What you can see and export
- Session and engagement metrics by activity, site, and conference
- Citation engagement and slide or section heatmaps
- Themes mapped to learning objectives
- Objective alignment rate and coverage by objective
- Message‑level CSV export with timestamps and cited references
What you will not see
- Learner PII unless you choose to collect it in your own systems
- Cross‑tenant data or content
- Any supporter access to editor tools or content configuration
Accessibility and languages
- WCAG‑aligned interaction patterns and contrast
- Keyboard and screen reader support end to end
- 50+ languages supported for ingestion and for answer output