Skip to main content
JamEMR

Trust Center

Infrastructure

JamEMR runs clinical AI on dedicated GPU hardware inside the deployment environment. TLS in transit, disk-level encryption at rest, versioned migrations, and approval-gated operational changes are in place today.

Built around local AI

Most cloud-AI products are architecturally required to send data to someone else’s servers. JamEMR is built the other way around: clinical AI inference runs on dedicated GPU hardware inside the deployment environment. That choice defines the rest of the infrastructure — the systems that hold PHI are the systems the practice’s deployment already contains.

What is in place today

Compute and AI processing

  • Clinical AI (ambient transcription, clinical language-model processing) runs on dedicated local GPU hardware inside the deployment environment. PHI is not sent to third-party consumer AI clouds for clinical AI processing.
  • Services authenticate to each other with registered, revocable API tokens — internal traffic is authenticated, not merely trusted.

Data protection

  • TLS encrypts data in transit on exposed interfaces.
  • Data at rest is protected with disk-level encryption, configured and verified per deployment (see Encryption for how we describe this carefully).

Change discipline

  • Database schema changes ship exclusively as versioned, reviewed migrations. The schema has a reviewable history, and environments stay consistent by construction.
  • Privileged operational changes are approval-gated: a human explicitly approves before a privileged change takes effect.

Pilot posture

  • Pilot deployments run on synthetic (non-real-patient) data until a practice’s compliance prerequisites are complete. Infrastructure is proven before PHI arrives, not after.

Public website

  • The public jamemr.com website (which holds no PHI) is served through a commercial CDN/DNS provider — see Subprocessors. Clinical systems are separate from the public website.

On our roadmap

  • Formal, SLA-backed disaster-recovery commitments are in development. Today: scheduled backups run, and restore procedures are being formalized — see Disaster Recovery for the honest current state.
  • Third-party penetration testing of the infrastructure before general availability.
  • Documented infrastructure and operations policy pack, in progress.
  • SOC 2 Type II examination, planned, not started — we do not claim SOC 2 compliance.

Deployment questions

Infrastructure details vary by deployment, and we document each deployment’s configuration for the practice’s compliance review. To discuss requirements for a prospective deployment, contact [email protected] or [email protected].

← Trust Center