Coverage Intelligence
7
min read

What Security by Design Means for Healthcare AI

Security by design means the architecture enforces the rules. Here is what that looks like when the platform handles PHI and revenue cycle workflows.

Allan Cutler
Allan Cutler
July 7, 2026
What Security by Design Means for Healthcare AI
Table of contents
  1. What Does Security by Design Mean?
  2. Start With Infrastructure Boundaries
  3. Tenant Isolation Is Where Security by Design Becomes Real
  4. AI Workflows Need Governed Context
  5. Least Privilege Is an Operating Model
  6. What This Means for the Practices We Work With

Executive Summary

Security by design is one of those things that is easy to say and hard to build.

In healthcare, adding controls after the product is already working is too late. When a platform handles PHI, prior authorization records, insurance eligibility data, clinical documents, payment transactions, AI conversation histories, and audit logs, the architecture itself has to enforce clear boundaries. At Manta, that meant making infrastructure, tenant isolation, access control, and AI governance decisions early, before those decisions were convenient. This piece covers what those decisions were, why they matter for the practices that trust Manta with their coverage and revenue cycle workflows, and what security by design actually produces in practice.

What Does Security by Design Mean?

When people hear "security by design," they often think about compliance controls, encryption, or audit reports. Those matter. But when you are building AI for healthcare, security by design starts earlier than that. It starts with the architecture.

For many SaaS products, adding security controls incrementally makes sense. A project management tool, a CRM, or a content platform can ship features quickly, learn from real usage, and layer in access controls and monitoring as the product matures and the threat surface becomes clearer. The data at risk is business data. The sequence is reasonable.

Healthcare inverts that sequence. When a platform will handle PHI, prior authorization records, clinical documents, insurance eligibility data, and patient financial transactions from the first day a practice goes live, the security model has to be in place before the workflows run, not refined after them. The cost of an incomplete control during that period is not technical debt. It is patient privacy and practice revenue at risk on day one.

The full architecture and compliance overview is available on Manta's security and compliance page. This piece covers the reasoning behind the decisions on that page, written from the perspective of the person who made them.

Start With Infrastructure Boundaries

The first set of decisions concerned infrastructure, and they were made deliberately.

Manta runs entirely in a cloud-native AWS environment with no on-premise infrastructure. That choice is common enough that it might seem unremarkable, but the details matter. The infrastructure is organized across separate AWS accounts using the Well-Architected design mindset. That separation is not just organizational tidiness. It reduces blast radius. If something goes wrong in a development environment, it cannot propagate into production data. If a security event affects one account boundary, the damage is contained by the structure of the environment rather than by someone remembering to check an access policy.

Production workloads run inside a private VPC with security groups, NAT gateways, and VPC endpoints controlling traffic flow. Public-facing endpoints are protected at the edge. Encryption key management is centralized through AWS KMS across all storage and messaging services. Monitoring and audit logging run continuously monitored. TLS 1.3 is enforced for all public-facing traffic.

These are the choices a team makes when it decides from the beginning that the platform will handle regulated healthcare data, rather than deciding later that controls need to be bolted on. The significance is in the timing and the discipline, not the technology. As we described in the missing layer in the revenue cycle technology stack, coverage intelligence workflows sit at the most consequential point in the pre-service revenue cycle. The infrastructure that supports those workflows has to be built accordingly.

Tenant Isolation Is Where Security by Design Becomes Real

Infrastructure boundaries are necessary but not sufficient. The more important set of decisions concerned how customer data is separated inside a multi-tenant platform.

This is the decision I think about most carefully when someone asks what security by design actually means in practice. The simpler path would have been to enforce tenant separation only at the application layer, with one set of rules, one place to check, and one team responsible for ensuring the filter is always applied correctly. For a platform handling general business data, that architecture might hold. But Manta handles PHI, prior authorization records, insurance eligibility data, and patient financial transactions, which means the consequences of a single missed filter in a single code path are not an inconvenience to fix in the next sprint. They are a HIPAA breach affecting real patient records.

So Manta enforces tenant isolation and encryption at four independent layers, each of which carries the boundary on its own.

  • Database layer: Database operations are scoped to the authenticated customer's data by default, at the database engine level, before any application code runs.
  • Storage layer: Storage is partitioned by tenant, so storage operations for one customer are structurally separated from storage operations for another.
  • Messaging layer: Event messages include tenant context and consumers validate tenant authorization before processing, so even asynchronous workflows cannot inadvertently cross tenant boundaries.
  • Application layer: JWT tokens carry tenant context that propagates through downstream operations, providing a final enforcement layer that ties the whole system together.

Each layer enforces the boundary independently. The isolation does not depend on any single implementation being perfect, because no single implementation carries the entire load. That design adds complexity to the architecture. It was the right tradeoff. In healthcare, the complexity of enforcing multiple independent boundaries is far preferable to the simplicity of a single boundary that a single mistake can breach.

The data categories this isolation protects include PHI, prior authorization records, insurance eligibility data, medical documents, payment transaction records, AI conversation histories, and audit logs. Everything that flows through Manta's Coverage Intelligence workflows is subject to the same isolation controls and encryption posture.

AI Workflows Need Governed Context

AI systems become more useful with context. In healthcare, that context has to be governed.

The architectural question for any AI healthcare workflow is what context a given workflow should have, under what authorization, with what auditability, and inside what tenant boundary. Those questions have to be answered before the workflow is deployed rather than after it is in production, because the data flowing through coverage intelligence workflows is sensitive enough that a governance gap in an AI layer carries the same consequences as a governance gap anywhere else in the system.

Manta's AI capabilities operate inside the same security and compliance environment as the rest of the platform. They are governed by the same authentication, authorization, tenant isolation, monitoring, and auditability controls that apply platform-wide. AI conversation histories and agent processing logs are treated as governed data categories, subject to the same encryption, access controls, and retention policies as other PHI-adjacent data.

Manta keeps AI inference inside the same cloud governance model as all other production workloads rather than introducing a separate inference environment with its own security posture to manage.

The principle that follows from this architecture is that AI is part of the governed system rather than a layer sitting alongside it. When an AI workflow has access to coverage data, authorization records, and patient financial information, the boundaries that protect that data have to apply to the AI workflow with the same force they apply everywhere else.

Least Privilege Is an Operating Model

The infrastructure and tenant isolation decisions describe how the platform is built. Least privilege describes how it is operated.

The principle is that access to systems and data should be scoped to what a given role actually requires, reviewed regularly to confirm that scope is still appropriate, and structured so that elevated permissions are the exception rather than the default. In practice that means employee and contractor identity is managed through centralized SCIM and SAML provisioning with MFA enforced across all users. Access is reviewed on a quarterly basis. Production access follows a tiered model by default, elevated access is restricted to on-call engineers during active incidents, and SRE access is limited to personnel with defined operational responsibilities. CI/CD pipelines authenticate via OIDC, with no long-lived credentials in use.

This is not a set of controls assembled to satisfy an audit. It is an operating model built on the same principle as the tenant isolation architecture: the system enforces the rules, rather than relying on people to remember them under pressure. When a production incident occurs at 2am, the person responding should have exactly the access they need to resolve it, no more and no less, without requiring someone else to grant emergency permissions or leaving elevated access in place after the incident is resolved.

Security by design, applied to people and operations, looks like this: structure the access model so that the right thing is also the easy thing, and so that the wrong thing requires active circumvention rather than a simple oversight.

What This Means for the Practices We Work With

Specialty practices that deploy Manta are trusting the platform with workflows that touch PHI, payer requirements, clinical documentation, authorization records, and patient financial data. That trust is earned through the architecture, the compliance posture, and the operational discipline that backs it up.

Rocky Mountain Eye Center reduced prior authorization approval time by 75% and achieved a 1.9% initial denial rate with a 0.5% net denial rate after appeals. Those outcomes were possible because the platform handling their authorization workflows was built to be trusted with the data those workflows require. Automation at scale in regulated healthcare environments only works when the platform carrying that automation is governed by design rather than patched by circumstance.

The security and compliance details, including HIPAA safeguards, SOC 2 Type II audit status, encryption, tenant isolation, access controls, and Trust Center documentation, are all available on Manta's security and compliance page and at trust.manta.health. This piece is the reasoning behind those details, and readers who need the full compliance overview should start there.

Final Thoughts

For healthcare AI, trust is the prerequisite for adoption. A specialty practice that automates its prior authorization, eligibility verification, and patient financial clearance workflows through Manta is extending its operations into a platform that handles some of the most sensitive and consequential data in the organization. The decision to do that requires confidence that the platform was built with the care the data deserves.

That confidence comes from architecture: from separate account boundaries that contain blast radius, from four independent layers of tenant isolation that each enforce the boundary on their own, from AI workflows that operate inside the governed system, and from an access model that structures the right behavior into the operating environment rather than depending on discipline alone to produce it.

Security by design, in the end, means the architecture works even when the people inside it are imperfect, under pressure, or distracted. That is what trustworthy healthcare automation requires.

Want to see how Manta's security architecture supports coverage intelligence for specialty practices? See the security overview or book a demo.

Latest posts

Manta Blog

Stay ahead with industry trends, leadership insights, and RCM best practices.

Ready to Transform Your RCM Process?

Say goodbye to faxes, lengthy phone calls, and tedious RCM admin.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.