Security · 10 min read · Mar 21, 2026

HIPAA, SOC 2, and how we design compliance as a feature

How MediaBloom embeds regulatory controls into the runtime itself — not as a compliance review after the fact.

John Jahshan
Founder and CEO, MediaBloom

Compliance is too often treated as paperwork bolted on top of a product. We treat it as an input to architecture. When you design for HIPAA and SOC 2 from the first commit, the controls become features you ship, not checklists you dread when the auditor shows up.

Every interaction in MediaBloom is encrypted end-to-end, logged with tamper-evident hashes, and retained according to a per-tenant policy. Customers choose retention windows; the runtime enforces them automatically. Business Associate Agreements are standard for healthcare customers, and our HIPAA posture is reviewed quarterly with an independent assessor.

Our runtime enforces PHI redaction at the transcript level. The model never sees data it is not supposed to see, because the redaction layer sits between the transcript and the planner. Names, dates of birth, social security numbers, and addresses are masked before they ever enter the model context. If a downstream tool needs the unredacted value, it is re-hydrated only inside a signed, audited tool call.
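The redaction-and-re-hydration flow described above, together with the tamper-evident log hashing from the earlier paragraph, as an added example that is not MediaBloom's code: a per-tenant layer masks SSNs and dates of birth before the planner sees the transcript, releases a raw value only to a tool call carrying a valid HMAC over (tenant, tool, token), and chains every release attempt into an audit log so a later edit to the log is detectable. The class, tool names, signing key and sample transcript are all constructed for illustration; name and address detection (which needs an NER model rather than a regex) is left out.

```python
import hashlib, hmac, json, re, secrets

SAMPLE = "Caller: my SSN is 123-45-6789, DOB 04/12/1981, book me for Friday."  # constructed

def _digest(entry):
    """Canonical-JSON SHA-256 of an entry's fields, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class RedactionLayer:
    """Hypothetical PHI redaction layer (not MediaBloom's code): masks PHI before the
    transcript reaches the planner, vaults the real values per tenant, releases one only
    to a tool call with a valid HMAC, and hash-chains every release attempt."""
    # Fixed-shape PHI detectors; names and addresses need an NER model (out of scope).
    PATTERNS = {"SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
                "DOB": re.compile(r"\b\d{2}/\d{2}/\d{4}\b")}

    def __init__(self, tenant, signing_key):
        self.tenant, self.key = tenant, signing_key
        self.vault, self.audit = {}, []   # token -> PHI value; chained audit log
        self.prev_hash = "0" * 64         # chain genesis

    def redact(self, transcript):
        """Replace each PHI match with an opaque token; the model sees only tokens."""
        def mask(m, kind):
            token = f"<{kind}:{secrets.token_hex(4)}>"
            self.vault[token] = m.group(0)
            return token
        for kind, pattern in self.PATTERNS.items():
            transcript = pattern.sub(lambda m, k=kind: mask(m, k), transcript)
        return transcript

    def sign(self, tool, token):  # HMAC the runtime attaches to a signed tool call
        msg = f"{self.tenant}|{tool}|{token}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def rehydrate(self, tool, token, signature):
        """Release the raw value only for a correctly signed call; log either outcome."""
        ok = hmac.compare_digest(self.sign(tool, token), signature)
        entry = {"tool": tool, "token": token, "prev": self.prev_hash,
                 "result": "released" if ok else "denied"}
        entry["hash"] = self.prev_hash = _digest(entry)
        self.audit.append(entry)
        if not ok:
            raise PermissionError("tool call is not signed for this tenant/token")
        return self.vault[token]

    def verify_audit(self):  # an edited, dropped or reordered entry breaks the chain
        links = ["0" * 64] + [e["hash"] for e in self.audit]
        return all(e["prev"] == links[i] and _digest(e) == e["hash"]
                   for i, e in enumerate(self.audit))
```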

Role-based access control is baked into every surface. Admins see what admins should see. Agents see what agents should see. Auditors get a read-only view that spans the full trace history without the ability to mutate anything. SCIM provisioning and SAML SSO are available out of the box, and every access is logged.

The SOC 2 controls map cleanly to the runtime primitives. Change management is enforced by our deploy pipeline. Access reviews are driven by the same RBAC system that powers the product. Incident response is integrated with PagerDuty, and every incident produces a post-mortem that is visible to customer security teams.

Our internal security culture compounds over time. Every engineer owns the security of the code they ship. We run quarterly tabletop exercises, we fuzz our critical paths, and we pay bounties on vulnerability reports. The result is a system that holds up under real scrutiny, not just paper compliance.

The net effect: enterprise security teams go from blockers to advocates. The same controls that make them comfortable are the controls that make the product reliable. A system that is safe for a hospital to run at 2am is, by construction, a system the CISO will sign off on in the procurement review.

About the writer

John Jahshan

Founder and CEO, MediaBloom
Sydney, Australia. Writes on AI voice agents and speed-to-lead automation.

John Jahshan is the founder and CEO of MediaBloom. He works directly with agencies, operators, and enterprise teams to design and deploy AI revenue systems — voice agents, speed-to-lead automation, reactivation campaigns, and ads management — that turn attention into booked appointments and signed deals. He writes about the operator playbooks, engineering decisions, and partnership models behind the systems MediaBloom ships for clients.

Topics: AI voice agents, Speed-to-lead automation, Revenue operations, Partnership programs