Cerbo EHR · Governance
Security & Access Controls for Cerbo AI Integration
Role-based access, logging, and data retention aligned with Cerbo's architecture.
Section 1
Security starts at the integration boundary
The connection between MedReception AI and Cerbo is the primary security control point. Data flowing from AI to Cerbo must be authenticated, encrypted in transit, and logged for audit purposes.
MedReception AI uses TLS 1.3 for all data transmission to Cerbo endpoints, API keys are practice-specific and rotated on a 90-day cycle, and all writes to Cerbo are logged with a timestamp and AI agent identifier.
Section 2
Role-based access inside Cerbo
AI-generated content in Cerbo should be accessible only to staff roles that need it. Typically: scheduling staff see call summaries and booking requests; clinical staff see intake notes and escalation summaries; practice managers see analytics and QA reports.
Configure Cerbo's role-based access controls to match your AI data flow before go-live.
- Scheduling staff: call summaries, booking queue, voicemail tasks
- Clinical staff: intake notes, escalation summaries, after-hours logs
- Care coordinators: referral packets, specialist routing, supply tasks
- Practice managers: analytics dashboard, QA reports, AI configuration access
- Billing: payment-related call summaries, membership conversion data
Section 3
Data retention policy
AI call recordings and transcripts are retained according to your practice's HIPAA retention policy — typically 6 years from the date of the interaction. Cerbo task and encounter data follows Cerbo's standard retention.
For practices in states with longer medical record retention requirements (e.g., 10 years in some states), configure AI retention settings to match the stricter requirement.
Ready to implement this for your Cerbo practice?
Book a demo and we'll walk through your specific Cerbo workflow — scheduling rules, Chart Parts templates, and after-hours coverage — and show you exactly how MedReception AI handles it.