When it comes to AI and behavioral health, it can sometimes feel like there are more questions than answers. We get it—AI can be scary. Is it the path to a better future or just a blip on the radar? While it’s too early to say for certain how the AI revolution will unfold, we wanted to compile a list of our most frequently asked questions (and answers) about Eleos, AI, security, privacy, and more. So if you have questions, read on for what we hope are the answers you seek.
Eleos Health 101: What’s the Story on the Tech?
Q: How does Eleos define “behavioral health?”
A: We consider the behavioral health field to be inclusive of a variety of professionals trained to help clients improve their mental health, lifestyle, substance use, patterns of behavior, interpersonal relationships, and more. Clinically speaking, this includes specialties such as Intellectual/Developmental Disabilities, Early Childhood Intervention, and Applied Behavior Analysis.
Q: Which EHRs does Eleos integrate with?
A: Eleos doesn’t “integrate” with EHRs; we offer a lightweight technical embedding solution via a browser extension, which requires minimal IT investment from your EHR and internal IT teams. We’re compatible with a variety of web-based EHRs, including Carelogic, Credible, InSync, SmartCare, My Avatar NX, MyEvolv, EchoVantage, PCE, Kipu, Welligent, eHana, and Exym.
Q: How do you integrate science into your solutions?
A: Science is at the core of everything we do. We have multiple licensed clinicians (some of whom still practice!) on staff as well as a team of clinical consultants who help ensure Eleos doesn’t deviate from our purpose. We have anywhere from 5 to 15 studies in progress at any given time, including peer-reviewed, published research in respected journals. Our clinical team, customers, and leading research institutions work together to ideate and execute studies on the impact of AI in behavioral health.
Behavioral Health & AI: What’s the Buzz?
Naturally, most of the questions we hear center on the elephant in the room: AI. So without further ado, here’s our artificial intelligence FAQ.
Q: How accurate is AI technology, and how do you ensure continuous improvement?
A: Eleos Health’s AI technology is based on the most robust Natural Language Processing (NLP) engine in the world, developed by AWS. From there, we customized the engine to understand and be specific to behavioral health.
We have the industry’s largest voice data set of real-life behavioral health sessions. When you look at accuracy, consider that as humans, we understand 96% of what people tell us. The Eleos word error rate, which measures NLP accuracy, is around 93-94% accurate. Our stellar clinical team, led by Dr. Shiri Sadeh-Sharvit, PhD, continuously reviews our data to ensure ongoing improvement and correctness of the engine and models.
Q: Do you have studies verifying the validity of your data?
A: Yes! Our Science page outlines our published peer-reviewed studies as well as those in progress with esteemed research institutions.
Q: Do you worry about technology overstepping its place in the relationship between the therapist and client?
A: The relationship between providers and clients is at the center of great care. We understand the thought of adding technology to that relationship can feel awkward or even untoward. Eleos Health’s ambient solution operates in the background—at provider and client discretion—and does not intrude in the care or therapeutic journeys of clients. Eleos is not here to replace providers’ judgment about the proper course of clinical care. We exist to supply insights and empower clinicians to deliver higher quality, more personalized care.
What About AI Security & Data Safety?
AI security, especially with respect to healthcare data and PHI, is always top of mind for the Eleos development team. We are firm believers that security and privacy come first in the development and enrichment of technology solutions. And we want to answer as many questions about this key topic as we can—so if your questions aren’t answered here, reach out to us!
Psst. Have you checked out our Trust Center for some key intel on Eleos Health’s AI security measures?
Q: How long are the sessions stored for?
A: Our Scribe solution does not store any session data. If your organization chooses to utilize our Replay solution, you will decide how long data can be stored for internal access. On average, orgs choose four weeks for their teams to be able to access recordings. As soon as that deadline hits, all data is all de-identified/deleted as outlined in each client’s contract.
Q: How do you ensure data storage security? And what about data privacy?
A: We have many safeguards in place to protect client data and privacy.
- First, as required by law, we obtain client consent. Many organizations and clinicians also choose to obtain consent when not required, and our average client consent rate is about 95%.
- We are HIPAA compliant as well as SOC 2 and HITRUST certified. For more information on what that means, see our Trust Center.
- If you use our Replay solution, your org is in charge of how long data remains available. After your given deadline, we delete the recording—and if your org has opted in, we completely de-identify the note data and make it untraceable.
- With our Scribe solution, we provide full session analysis and baseline content for the note without the need to hold the session data as a recording. In essence, we stream the data to our cloud for analysis, provide the clinician with the results, and immediately de-identify the data.
Q: What other certifications and compliance approvals does Eleos have?
A: In addition to being HIPAA and FERMA compliant, Eleos is SOC 2 and HITRUST compliant and has received Deloitte, ISO 27001, and ISO 27799 certifications.
Q: Does Eleos monitor and test security on a regular basis?
A: Yes. Eleos contracts with an independent third-party agency that conducts annual penetration testing and automatically monitors our product for security vulnerabilities via external tools and auditors.
Q: Are the assessments that are sent out to members secure?
A: Yes, all assessments, inbound and outbound, are end-to-end encrypted.
Q: How does Eleos encrypt data in transit?
A: All user traffic passes via HTTPS, with at least 256-bit SSL encryption for all internet-based data. All administrator traffic is encrypted through Eleos Health’s secure VPN. Integration traffic also passes through our secure VPN, which encrypts packet data as well as packet headers.
Q: How does Eleos encrypt data at rest?
A: Sensitive data handled by Eleos Health’s cloud applications are encrypted whenever they are stored in persistent memory. When such data are accessed by a user, file-system encryption ensures that access to the physical disk does not expose sensitive data. Database records are further encrypted with 256-bit keys via the industry-standard AES algorithm.
Q: How does Eleos detect unauthorized access and other threats?
A: Our system uses a host-based intrusion detection system (HIDS) to continuously monitor for unauthorized access attempts, suspicious activity, and unexpected behavior on each server within the Eleos cloud. Additionally, all company workstations and remote servers deploy endpoint detection and response (EDR) tools to monitor for threats in real time. Our databases also deploy access-control algorithms to identify rare events, items, or observations that differ significantly from standard behaviors or patterns, thus warranting investigation.
Q: Where is Eleos data housed? Does it ever move locations?
A: Eleos supports data deployment in specific geographic regions, and we guarantee that these data will not move outside the originally designated region. Eleos only stores and processes data in US-based Amazon Web Services (AWS) data centers.
Q: What security measures are in place for the AWS data centers Eleos uses?
A: AWS data centers meet the highest standards for physical security and access control. Access is strictly limited, and anyone granted access is thoroughly vetted and monitored. Additionally, all physical and electronic access to AWS data centers is routinely logged and audited.
Q: What personnel measures are in place at Eleos to protect customer data?
A: Access to the Eleos cloud is locked down by subnet, port, protocol, server, role, and user. Only the access required for the specific business function is granted. Furthermore, Eleos requires all employees and contractors performing services for Eleos to undergo a thorough background check and participate in security training.
Q: How does Eleos ensure data security when integrating with client systems?
A: Integrations with client systems are managed via the Eleos cloud VPN. We provision, monitor, and manage the VPN to create an overlay network designed to link a customer’s corporate data center and our VPC. This ensures that all communications between the two are encrypted. Finally, a client can leverage Eleos cloud VPN with its existing extranet infrastructure. This VPN supports almost every IPSec data-center extranet solution as well as the standard OpenVPN protocol.
Still have questions? Drop us a line.
