Security & Privacy
Data protection, compliance and security settings for your Akili AI practice.
What this is for
Understanding how Akili AI handles patient data, and what controls are available to your organisation to meet security and privacy obligations.
Data storage and processing
- All patient data is encrypted at rest and in transit.
- Audio recordings are processed and then deleted after note generation is complete.
- Clinical notes are stored and retained in accordance with applicable healthcare record-keeping legislation.
- Data is stored in compliant cloud infrastructure within the applicable jurisdiction.
POPIA and data protection compliance
Akili AI is designed to support compliance with the Protection of Personal Information Act (POPIA) and equivalent data protection legislation.
Your practice is responsible for:
- Obtaining patient consent for recording and AI processing. See Request Patient Consent.
- Ensuring only authorised staff have access to patient records.
- Reporting data incidents to Akili AI support and, where required, to the Information Regulator.
Security settings
| Setting | Where to find it |
|---|---|
| Multi-factor authentication (MFA) | Settings → Security → MFA |
| Session timeout | Settings → Security → Session settings |
| Password policy | Settings → Security → Password requirements |
Reporting a security incident
If you suspect a data breach or unauthorised access:
- Change the affected user's password immediately from Settings → Users.
- Deactivate the user if necessary. See Creating Users & Roles.
- Export the audit trail for the relevant period. See Access & Audit Trails.
- Contact Akili AI at hello@akiliai.net immediately.
Warning
Do not delay reporting suspected incidents. Early notification allows Akili AI to assist with containment and assess whether notification obligations apply.