Safety.

OptimIQ runs on protected health information and revenue decisions. The way we handle both is the product.

Our mission

The most sensitive data and the most consequential decisions in the system.

A claim is a record of someone's body. A prior authorization is a gate between a patient and care. A risk score becomes a budget. Mistakes here aren't bugs. They're harm.

OptimIQ exists to take this work off practices, run it cleaner than they could alone, and make every step auditable. That obligation runs through how we hire, what we build, what we ship, and how we respond when something goes wrong.

Our principles

Five principles that shape every system we build.

Privacy, auditability, and clinical oversight aren't bolted on after launch. They are the architecture.

Lifecycle

How we prevent, detect, respond, and improve.

Prevent

We minimize PHI at the source, segment data by customer tenant, gate access by role, and review every model and every workflow against a written threat model before it touches production.

Security & infrastructure

Enterprise-grade security and infrastructure at scale.

Operations leaders sign the contract. Compliance, security, and IT have to live with it. OptimIQ is built so all three can.

  • BAA on file by default
  • Audit logs for every PHI access
  • Single sign-on with SAML 2.0 and OIDC
  • Role-based access controls and least-privilege defaults
  • Encryption at rest and in transit
  • US-only data residency for in-scope customers

US data residency

HIPAA-aligned controls

Zero-retention model mode

SOC 2 Type II controls framework

Trust Center

Every control. Every subprocessor. Every recent event.

Public, dated, kept current. The strongest signal we can give that the controls described above are operating today.

Subprocessors

The third parties we use to operate the platform.

Each subprocessor is under a BAA where PHI is in scope. Customers are notified at least 30 days before any change.

Reporting a concern

Saw something wrong?

Security researchers, customers, and members of the public can report a concern directly to our security team. We respond within one business day.

See what one partner running it looks like.

Walk us through how things run today. We'll come back with where the leakage is and what we'd take on in the first 30 days.