Built for the teams who say no.

Your IT, compliance, and privacy reviewers ask the same eight questions on every vendor call. Here are the answers, before the call.

HIPAA compliant, BAA in under a day

SOC 2 Type I certified, Type II in progress

Full audit trail on every agent action

Do you sign a BAA?

Yes, before any PHI moves. The BAA is typically executed in under a day, and standard go-live is 48 hours from signature. No PHI touches LunaBill systems until the BAA is in place.

What is your SOC 2 status?

LunaBill is SOC 2 Type I certified. The Type II audit is in progress, and you can track live control status at trust.lunabill.com. The Type I report is available under NDA during security review.

Does the voice agent disclose that it is AI?

Disclosure is handled per payer and state requirements. Where a payer or state requires the agent to identify itself as automated, it does.

How do agents access our EHR?

Agents read claim status, eligibility, and remittance data. Posting back to the EHR, such as ERAs and call notes, is scoped and configured with your team during onboarding. Every action carries a full audit trail your compliance team can review.

How are payer portal credentials stored?

Credential storage architecture, secrets management, and access controls are documented in our security packet, shared during vendor review. Ask for it on the first call.

How long is call audio retained?

Call recordings and transcripts follow a documented retention schedule, covered in the security packet and tailored to your policies during onboarding.

Who are your subprocessors?

A current subprocessor list, with the role each one plays and the agreements behind it, is provided during security review and kept updated under the BAA.

Does this website collect PHI?

No. The marketing site collects only contact details you choose to share. PHI is handled exclusively inside the product, under a signed BAA.

Bring your security team to the first call.

We would rather clear vendor review in week one than month three. The security packet, SOC 2 report, and subprocessor list are ready when you are.