MilestonesIQ was designed from the ground up for the privacy requirements of graduate medical education. Here is exactly how trainee data is protected.
All data transmitted between your browser and MilestonesIQ servers is encrypted using TLS 1.3 — the current industry standard for secure communications.
Data stored in the database is encrypted at rest using AES-256 encryption. This means that even in the unlikely event of unauthorized storage access, all data remains unreadable without the encryption keys.
Every API request is verified against the requesting user's role. Program Directors can view all trainees in their program. Trainees can only access their own records. Mentors can only view trainees explicitly assigned to them by the Program Director.
Cross-program data access is architecturally impossible — every database query is scoped to the authenticated user's program identifier. No user can query, view, or export data from another institution's program.
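The two checks described above (an unconditional program-identifier filter, then a role-based narrowing) are easy to get wrong when the role logic is written first and the tenant filter is added afterwards. The following is an added illustration of the pattern, not MilestonesIQ code: it uses a constructed in-memory SQLite database, constructed role names (pd, mentor, trainee) and constructed program ids, and applies the program scope before any role logic so that a trainee id from another program can never match.

```python
"""Tenant-scoped, role-checked data access (added example, constructed data)."""
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: str
    role: str          # constructed role names: "pd", "mentor" or "trainee"
    program_id: str    # the tenant key every query is scoped to


# Constructed sample data: two programs, with a mentor assignment in the first.
SCHEMA = """
CREATE TABLE trainees (trainee_id TEXT, program_id TEXT, name TEXT);
CREATE TABLE mentor_assignments (mentor_id TEXT, trainee_id TEXT, program_id TEXT);
INSERT INTO trainees VALUES
  ('t1', 'progA', 'Trainee One'),
  ('t2', 'progA', 'Trainee Two'),
  ('t9', 'progB', 'Trainee Nine');
INSERT INTO mentor_assignments VALUES ('m1', 't1', 'progA');
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def visible_trainees(conn, user):
    """Return the trainee ids the caller may read, in sorted order.

    The program_id predicate is unconditional and comes first; role logic
    can only narrow the result further, never widen it across programs.
    """
    sql = "SELECT t.trainee_id FROM trainees t WHERE t.program_id = ?"
    params = [user.program_id]
    if user.role == "pd":
        pass                                   # whole program, nothing more
    elif user.role == "mentor":
        # Assignments are also keyed by program, so a stale or forged
        # assignment row from another program does not grant access.
        sql += (" AND t.trainee_id IN (SELECT trainee_id FROM mentor_assignments"
                " WHERE mentor_id = ? AND program_id = ?)")
        params += [user.user_id, user.program_id]
    elif user.role == "trainee":
        sql += " AND t.trainee_id = ?"        # a trainee's user_id is their trainee_id here
        params.append(user.user_id)
    else:
        raise PermissionError(f"unknown role {user.role!r}")
    return sorted(row[0] for row in conn.execute(sql, params))


def can_view(conn, user, trainee_id):
    """Object-level check for one record: resolve through the scoped query,
    never by looking the record up directly by its id."""
    return trainee_id in visible_trainees(conn, user)
```

The important property to test in such a layer is the negative case: a Program Director of one program asking for a trainee id that exists in another program must get an empty result, not a permission error that leaks the record's existence.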
Every sensitive action — including trainee profile views, AI summary generation, PIP creation, data exports, and login events — is recorded in an immutable audit log with timestamp, user identity, and IP address.
Audit logs are retained for a minimum of 7 years and are available to Program Directors on request. This log is designed to be discovery-ready in the event of any legal or compliance inquiry.
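An audit log is only discovery-ready if a reviewer can show that entries were not edited or removed after the fact. One common way to make a log tamper-evident is to chain entries by hash, so that altering or deleting any record breaks every later link. The block below is an added illustration of that technique, not MilestonesIQ's logging implementation, and records the fields the page names (timestamp, user identity, IP address) plus the action; the sample events are constructed.

```python
"""Hash-chained, tamper-evident audit log (added example, constructed events)."""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64   # prev_hash of the first entry


def _digest(entry):
    """SHA-256 over the canonical JSON of every field except the hash itself."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class AuditLog:
    def __init__(self):
        self.entries = []

    def append(self, user_id, action, ip, timestamp=None):
        """Record one sensitive action; returns the new head hash."""
        entry = {
            "seq": len(self.entries),
            "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
            "user": user_id,
            "action": action,      # e.g. "trainee.view", "export.csv", "login"
            "ip": ip,
            "prev_hash": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        return entry["hash"]


def verify(entries):
    """Return -1 if the chain is intact, else the index of the first bad entry.

    A modified field changes that entry's digest; a deleted or reordered
    entry breaks the prev_hash link of the entry that follows it.
    """
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["prev_hash"] != prev or _digest(e) != e["hash"]:
            return i
        prev = e["hash"]
    return -1
```

The chain itself does not stop someone with write access from rewriting the whole log consistently; for that, the current head hash has to be anchored somewhere the log writer cannot modify (a separate WORM bucket, a periodic signed export, or a notary service), and `verify` is run against that anchor.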
MilestonesIQ uses a shared database with strict programId-based tenant isolation. No program's data is ever aggregated, benchmarked, or shared with another program without explicit written consent.
Trainee data is never used to train AI models, improve platform algorithms, or for any purpose outside the subscribing program's direct use. This is a contractual commitment in the Data Processing Agreement.
MilestonesIQ is hosted on enterprise cloud infrastructure with SOC 2 Type II compliance. Infrastructure providers undergo regular third-party security audits.
HIPAA-eligible hosting is available. A Business Associate Agreement (BAA) can be executed upon request for programs that classify trainee evaluation data under HIPAA. For most GME programs, trainee performance data is classified as educational records under FERPA, which is fully supported by our data handling practices.
All data exports (PDF reports, CSV downloads) are watermarked with the exporting user's name, email, program, and timestamp. Export actions are logged in the audit trail.
Export capabilities are restricted to Program Directors by default. Trainees can export their own ILP and PIP documents only. No bulk export of cohort data is available to trainee-level accounts.
MilestonesIQ is contractually prohibited from sharing trainee data with licensing boards, credentialing bodies, future employers, or any third party without the explicit written consent of both the Program Director and the trainee.
AI-generated performance summaries are visible only to Program Directors and are not accessible to trainees, mentors, or any external party. PD disposition (Confirmed / Not Confirmed / Insufficient Data) is required before any AI flag can be acted upon.
For pilot programs, MilestonesIQ uses secure email-based authentication with JWT session tokens, HttpOnly cookies, and automatic session timeout after 15 minutes of inactivity.
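To make the three pieces of that sentence concrete, here is an added example (not MilestonesIQ code) of a minimal HS256 session token carried in an HttpOnly cookie with a server-enforced 15-minute inactivity window. The signing key, the `last_seen` claim and the sliding-refresh step are this example's own design choices; the page does not describe how the product tracks inactivity. Time is passed in explicitly so the behaviour can be checked deterministically.

```python
"""HS256 session token in an HttpOnly cookie with a 15-minute idle timeout
(added example; key and claim names are constructed)."""
import base64
import binascii
import hashlib
import hmac
import json

INACTIVITY_LIMIT = 15 * 60                 # 15 minutes, as stated on the page
SECRET = b"constructed-demo-key-not-for-production"   # real keys come from a secret store


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _sign(payload: dict, secret: bytes = SECRET) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = f"{_b64(json.dumps(header).encode())}.{_b64(json.dumps(payload).encode())}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64(sig)}"


def issue_token(user_id: str, now: int, secret: bytes = SECRET) -> str:
    """Create a session token at login; iat and last_seen start equal."""
    return _sign({"sub": user_id, "iat": now, "last_seen": now}, secret)


def verify_token(token: str, now: int, secret: bytes = SECRET):
    """Return the payload if the signature is valid and the session is not
    idle-expired; otherwise None. The server check is authoritative, not
    the cookie's Max-Age."""
    try:
        h, p, s = token.split(".")
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(s)):
            return None
        header = json.loads(_unb64(h))
        payload = json.loads(_unb64(p))
    except (ValueError, binascii.Error):
        return None
    if header.get("alg") != "HS256":       # never trust the token's own alg
        return None
    if now - payload["last_seen"] > INACTIVITY_LIMIT:
        return None
    return payload


def touch(token: str, now: int, secret: bytes = SECRET):
    """Sliding window: on each authenticated request, reissue the token with
    last_seen refreshed (iat is preserved). Returns None if already expired."""
    payload = verify_token(token, now, secret)
    if payload is None:
        return None
    return _sign({**payload, "last_seen": now}, secret)


def session_cookie(token: str) -> str:
    """Set-Cookie value: HttpOnly keeps scripts from reading the token,
    Secure restricts it to TLS, SameSite limits cross-site sending."""
    return (f"session={token}; Path=/; HttpOnly; Secure; SameSite=Strict; "
            f"Max-Age={INACTIVITY_LIMIT}")
```

Because `last_seen` lives inside the signed token, the idle check needs no server-side session table, but the token must be reissued on every request to keep the window sliding. A production deployment would normally also impose an absolute lifetime and a server-side revocation path, which this example omits.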
Enterprise institutional SSO via SAML 2.0 / OAuth 2.0 (Microsoft Azure AD, Okta, Shibboleth) is available for subscribing institutions. This allows trainees and faculty to log in using their existing hospital or university credentials — no separate password required.
For institutions requiring a formal DPA, BAA, or security questionnaire review, contact us directly. We work with institutional legal and compliance teams to ensure MilestonesIQ meets your specific requirements before deployment.
Request a Security Review