RESEARCH & COMPLIANCE

The boring stack is the competitive advantage.

ClearPath is built on three principles: stay inside the FDA's Cures Act CDS exemption, treat HIPAA as the floor not the ceiling, and never make a clinical claim we can't trace to a citable guideline. Every product decision is grounded in primary clinical research — starting with our June 2026 field study of working CRNAs.

Where ClearPath sits in the regulatory landscape

FDA POSITION

21st Century Cures Act CDS exemption

ClearPath operates as clinical decision support that displays information from facility-authored protocols and current published guidelines. It does not analyze patient data to recommend specific diagnoses or treatments. The clinician can independently review the basis of every recommendation. This places ClearPath within the FDA's non-device CDS exemption under the 21st Century Cures Act.

DATA PRIVACY

HIPAA-aligned with BAA commitment

Patient information is treated as Protected Health Information from intake to deletion. Before any patient data flows through ClearPath, we execute a Business Associate Agreement with the surgery center and downstream BAAs with every vendor in our infrastructure stack — hosting, messaging, and any AI services. Encryption in transit and at rest. Access controls auditable to the user.

SECURITY MATURITY

SOC 2 on our roadmap

We're targeting SOC 2 Type 1 within 18 months of our first paying customer and Type 2 within 30 months. Until certification, we operate to SOC 2 controls as a design discipline — documented access reviews, change management, incident response, and vendor risk assessment. We'll share our control documentation with any ASC under NDA before pilot signing.

The goal is never to claim more than we can defend. The goal is to make every claim defensible.

What you're trusting us with, and what our commitment is to you

Hosting

U.S.-based cloud infrastructure with HIPAA-eligible services and signed BAA. Encryption at rest (AES-256) and in transit (TLS 1.2+). Geographic redundancy with daily encrypted backups retained for 30 days.

Access controls

Role-based access with the principle of least privilege. Multi-factor authentication required for all ClearPath team members. Patient data is never accessible to anyone outside the ASC's authorized clinical team and the minimum ClearPath staff necessary for support. Every access is logged.

Data retention

Patient pre-op records are retained for the duration of the patient's care episode plus the period required by applicable state law (Texas: 7 years for adults, longer for minors). After that period, records are permanently deleted unless the surgery center has requested transfer or extended retention.

Breach notification

In the event of any incident involving Protected Health Information, ClearPath notifies the affected surgery center within 24 hours of discovery. We provide a full forensic summary within 5 business days. We support the ASC's notification obligations to patients and regulators under HIPAA's Breach Notification Rule.

Use of data

Patient data is used only to deliver pre-op guidance to that patient. We do not sell data. We do not share data with advertisers, marketers, or business partners. We do not use individual patient data to train AI models. Aggregate, fully de-identified outcome data may be used to improve our service — and the surgery center can opt out of even that.

Your protocols. Your authorship. Your liability boundary stays intact.

ClearPath does not author medical guidance. We support the procedural and surgical guidelines authored by your facility, your surgeons, and your clinical leadership. Every recommendation a patient sees traces to a protocol you approved, a guideline you cited, or a clinical decision your team made. We don't override clinician judgment. We deliver it.

What we don't do

Diagnose. Recommend treatments. Generate independent medical advice. Override your clinical judgment.

What we do

Deliver your facility's protocols to the right patient at the right time, in plain language, with the right clinical context.

Where authorship lives

With your surgeons, your anesthesiologists, your CRNAs, and your nursing leadership. We encode what they've already decided.

TAKE IT WITH YOU

The ClearPath Compliance Brief

A two-page summary of our regulatory positions, security architecture, and clinical-guidance boundaries. Shareable with your compliance officer, IT director, and clinical leadership. No email gate — just the file.

If you book a call, you'll hear from me directly — not from an automated sequence.

© 2026 ClearPath Health, Inc · Dallas, TX 75287

ClearPath is a clinical decision support tool that operates within the 21st Century Cures Act CDS exemption. It does not diagnose, treat, or replace clinical judgment. All medical decisions remain the responsibility of the patient's surgery center and licensed healthcare providers. All rights reserved.