Portal Help & FAQ

Authoritative answers about scope, process, data security, and what to expect. For practice-specific questions, use the chat.

Question about your certification?
Governance Support is available 24/7. Practice-specific answers if you have your AGS reference number; general scope questions anytime. Most questions answered in seconds.
About the Certification
What practices does AI Governance Shield™ certify?

AI Governance Shield™ is built for healthcare practices using AI tools:

  • Primary care and internal medicine
  • Specialty medicine (cardiology, dermatology, orthopedics, etc.)
  • Behavioral health: psychiatry, psychology, addiction medicine, counseling, integrated behavioral health, substance use disorder treatment
  • Solo practitioners through group practices (Enterprise tier required for 30+ providers or multi-state operations)

Specialty-specific policy overlays apply when relevant to your practice. Behavioral health practices receive a Behavioral Health AI Disclosure Notification overlay alongside the standard policy library — the assessment adapts to your practice type rather than treating every practice the same.

Out of scope: hospitals or health systems above ~50 providers, dental-only / vision-only / veterinary practices, non-clinical organizations, pure cosmetic or wellness practices without medical billing, forensic-only practices. If your practice falls outside scope, the chat will let you know and route you to the contact form.
What does the certification cover, and what is it not?

The certification is a governance evaluation of your AI use across your full governance posture — from patient disclosure and oversight to vendor, training, insurance, and billing exposure.

Your engagement ends in one of three outcomes: Certified (your governance meets the standard), Conditional (defined gaps remain, with a remediation roadmap and one re-review included), or Not Certifiable (gaps significant enough to require fundamental work before re-engagement).

What this is NOT: not a HIPAA audit, not legal advice, not clinical decision support, not a malpractice insurance product. The deliverable is a defensibility-focused governance review you can cite to malpractice carriers, Joint Commission auditors, OCR inquiries, and state regulators (Tennessee SB 1580, Texas TRAIGA, Colorado HB 26-1195 for behavioral health, etc.). For legal questions, consult a licensed attorney in your jurisdiction.
Process & Timeline
How long does the assessment take?

Initial certification: we begin within 24 hours, and your certification is typically delivered within 5–20 business days of completed intake.

Recertification: 5 business days. We already have your governance posture documented from the prior cycle — the recert focuses on what's changed (new AI tools, new jurisdictions, regulatory updates, incidents, policy refinements).

You receive a confirmation email when intake completes, then a delivery email with your bundle when assessment finishes. If we need clarification on any input, we'll reach out via the contact channel on file within 48 hours of receiving your intake.

Lapsed certifications (more than one year past the prior expiration date) require a new initial assessment, not streamlined recert.
What happens after I submit my intake?
1
Confirmation email within minutes confirming intake received.
2
Assessment begins within 24 hours and typically completes within 5–20 business days of completed intake. Your governance posture is scored across your full governance profile using your wizard responses, any supporting documentation you uploaded, and structured AI test cases generated from your tool inventory.
3
Clarification (rare) — if anything is unclear, you'll hear from us via the contact form on file. Most intakes are sufficient as submitted.
4
Delivery — you receive a secure download link to your bundle. The link is active for 30 days; download everything before expiration.
5
Verification listing — certified practices appear at sentinelriskgrp.com/verify and can be referenced by malpractice carriers, auditors, or partners using the reference number on your certificate.
Files, Data & Privacy
Is my data secure? What about patient information?

Sentinel Risk Group does not receive patient health information (PHI) in the standard engagement model. The intake asks about your governance posture — policies, vendors, training, oversight — not about individual patients.

You de-identify any documents before uploading per HIPAA Safe Harbor (remove the 18 identifiers: names, dates of birth, MRNs, SSNs, etc.). The intake wizard tells you when an upload is needed and what to scrub.

What we receive: governance documentation, vendor agreements, AI use policies, staff training records, your AI tool inventory, malpractice declarations.

What we do not receive: patient records, clinical notes (unless you've manually de-identified and chosen to upload), billing data with patient identifiers, anything from your EHR directly.

Storage: encrypted in transit (TLS 1.3) and at rest. Uploads land in a HIPAA-eligible AWS region (us-east-1) under a signed BAA between Sentinel Risk Group and AWS — that BAA covers the rare case where PHI accidentally lands in our quarantine bucket.

Important: the AWS BAA is not a Sentinel-customer BAA. The standard engagement assumes no PHI flows to Sentinel because you de-identify before upload. A Business Associate Agreement is not part of the standard engagement — the system is designed so PHI does not flow to Sentinel (Master Terms § H.8). If your compliance program requires one, you can execute our conditional BAA at sentinelriskgrp.com/baa.

Documents are accessible only to your assigned reviewer. Not shared with other practices, third parties, or carriers without your explicit written request.

What file formats and sizes are supported?
FormatExtensionsNotes
PDF documents.pdfPreferred
Word documents.doc, .docxYes
Spreadsheets.xlsx, .csvYes
Photos of documents.jpg, .jpeg, .pngYes
Plain text.txtYes
Slides.pptxYes
iPhone photos (default).heicConvert first
Compressed archives.zip, .rarUpload individually

Size limit: 25 MB per file. If a PDF is too large, compress it with a free tool like smallpdf.com or ilovepdf.com. If a phone photo is too large, email it to yourself first — most email apps auto-compress.

HEIC fix (iPhone): Settings > Camera > Formats > "Most Compatible". All future photos save as JPG. For existing HEIC files: open the photo, tap Share, then "Save to Files" — the saved copy is JPG.

Phone photos of printed documents: lay flat, good lighting, hold phone directly above (not at an angle), one page per photo.

Best practice: PDF is the safest format. If you're unsure about a file, save or print it as PDF before uploading.
Your Certification Bundle
What do I receive when I'm certified?

A secure ZIP bundle containing:

  • Certification Report (PDF) — full assessment narrative, scoring detail across your governance profile, evidence index, defensibility playbook for carrier and audit responses
  • Certificate of AI Governance (PDF) — single-page certification with reference number and validity dates, suitable for posting in your practice or sharing with partners
  • Ten governance policy templates (DOCX) — you fill in clinic-specific operational details (escalation contacts, review cadences, designated AI officer name) before circulating internally
  • Patient AI Disclosure Notice (DOCX) — patient-facing disclosure your practice can adapt
  • Staff AI Training Acknowledgment (DOCX) — sign-in sheet template for your training program
  • AI Scribe Spot-Check Log (DOCX) — template for ongoing oversight documentation
  • Invoice (PDF) — itemized billing record

Behavioral health practices receive an additional Behavioral Health AI Disclosure Notification policy in addition to the standard ten.

For Conditional outcomes, you receive a Gap Assessment & Remediation Roadmap (PDF) instead of the Certification Report, with a prioritized list of governance gaps to address before re-submission. You have 180 days from your initial assessment to address gaps and re-submit, with a 30/60/90-day prioritization within the roadmap. One re-assessment is included at no additional cost during the remediation window.

Download window: 30 days from delivery. Save the bundle locally; the link expires after that.
Need More Help?
What if I have other questions?

For practice-specific questions — your AI tools, your specialty, your engagement state — open the Governance Support chat (bottom-right of this page). It can answer most questions immediately. With your AGS reference number and contact email handy, you'll get answers tailored to your engagement.

For anything the chat can't handle — finding disputes, refund questions, custom arrangements (including a health system’s own BAA form — our standard conditional BAA is self-serve at /baa), regulatory inquiries, or things outside scope — use the contact form below and we'll route appropriately within one business day.

For legal questions specifically, consult a licensed attorney in your jurisdiction. Sentinel Risk Group is not a law firm and does not provide legal advice.

How the Certification Process Works

1
Complete Wizard Intake
Step-by-step questions about your practice's AI tools, governance posture, and oversight workflows. The wizard builds the assessment dataset from your answers.
2
We Assess
Your governance posture is reviewed across your full governance profile using your inputs and structured AI test cases. We begin within 24 hours and typically deliver within 5–20 business days of completed intake.
3
Receive Bundle
Secure download link with your certification report, certificate, ten governance policies, and supporting templates. 30-day download window.

Still need help?

Most questions are answered fastest by Governance Support chat. For anything that needs a human follow-up, send a message and we'll route within one business day.

Disclaimer: The information on this website is provided for general informational purposes only and does not constitute legal, financial, insurance, or compliance advice. AI Governance Shield™ certification is an independent governance evaluation service and does not guarantee regulatory compliance, insurance coverage, legal protection, or immunity from enforcement actions. Applicable laws, regulations, and insurance policy terms vary by jurisdiction and are subject to change. Specific penalty amounts, enforcement provisions, and statutory requirements referenced on this site reflect publicly available information as of the date of publication and may have been amended. Practices should consult qualified legal counsel for advice specific to their circumstances. Sentinel Risk Group is not a law firm, insurance company, healthcare provider, or government agency.