Suki AI
Suki AI, Inc. · EFROS US AI Vendor Governance Index entry
Composite governance score
B = strong posture. Deployable in regulated workloads with documented compensating controls.
About this vendor
Clinical AI voice assistant for ambient note generation, dictation, and EHR navigation. EHR-integrated (Epic, Athenahealth, Cerner, Meditech, NextGen).
- Enterprise tier: Suki Assistant (per-clinician licensing, EHR-integrated)
- Vendor homepage: https://www.suki.ai
- Trust center: https://www.suki.ai/security
Twelve-axis governance scoring
Each axis is scored Yes / Partial / No / N/A against public evidence — vendor trust portals, BAAs/DPAs, SOC 2 report cover pages, published methodology documents. N/A applies when the axis is structurally inapplicable (foundation models, for example, defer Section 1557 to the downstream healthcare deployer).
| Axis | Status | EFROS note | Source |
|---|---|---|---|
| BAA / DPA available | Yes | Suki signs BAAs for enterprise customers. | Suki Security |
| Training-data opt-out | Yes | Suki does not train models on customer audio or notes. | Suki Security |
| US data residency option | Yes | Suki US-hosted on US cloud infrastructure. | Suki Security |
| SOC 2 Type II report | Yes | Suki holds SOC 2 Type II and HITRUST CSF certification. | Suki Security |
| ISO/IEC 42001 attestation | No | No ISO/IEC 42001 attestation as of May 2026. | Public posture review |
| NIST AI RMF self-attestation | Partial | Suki publishes governance documentation aligning with NIST AI RMF principles; no formal self-attestation. | Suki Responsible AI |
| Colorado AI Act readiness | Partial | Suki engages on the Colorado AI Act deployer-responsibility model in customer documentation. | Suki customer documentation |
| HHS-OCR Section 1557 readiness | Partial | Suki documents bias testing and clinical safety governance; explicit Section 1557 public statement less detailed than Abridge. | Suki governance documentation |
| FRB SR 11-7 readiness | N/A | Healthcare-vertical positioning. | Suki positioning |
| ABA Formal Op 512 readiness | N/A | Healthcare-vertical positioning. | Suki positioning |
| Subprocessor list public | Yes | Subprocessor list available to enterprise customers. | Suki Security |
Trust-center maturity
Mature security documentation with HITRUST + SOC 2. AI-specific governance less granular than Abridge.
Source: Suki Security
Deep dive
Overview
Suki has strong fundamentals (BAA, US residency, SOC 2, HITRUST) and a more pragmatic positioning than Abridge. Its Section 1557 engagement is less prominent than Abridge's but adequate for most ambulatory deployments. HITRUST CSF certification is a meaningful differentiator for health-system buyers that require it.
Strengths
- BAA, US residency, SOC 2 Type II + HITRUST CSF
- Broad EHR integration
- Default no-train, customer-isolated
Weaknesses
- No ISO/IEC 42001
- Section 1557 documentation less prominent than Abridge
- Smaller market scale than DAX Copilot or Abridge
Best-fit use case
Ambulatory practices needing HITRUST-aligned procurement, broad EHR integration, and strong clinician workflow fit.
Avoid when
Hospital systems with active OCR Section 1557 scrutiny — Abridge's public Section 1557 engagement is more defensible during audit.
Operator's take
Deploy Suki AI for ambulatory practices needing HITRUST-aligned procurement, broad EHR integration, and strong clinician workflow fit. The composite score of 72 (grade B) reflects a defensible posture for regulated US workloads. Skip the vendor for hospital systems with active OCR Section 1557 scrutiny, where Abridge's public Section 1557 engagement is more defensible during audit. In every deployment, treat the cells above as a snapshot: the acquisition that gets to production safely is the one that re-verifies the trust-center posture before contract signature and rebuilds the matrix at renewal.
How this scoring is computed
The composite score blends eleven scoreable axes (BAA, training opt-out, US data residency, SOC 2, ISO/IEC 42001, NIST AI RMF, Colorado AI Act, Section 1557, SR 11-7, ABA Op 512, subprocessor transparency) with the trust-center maturity score. Axes marked N/A are excluded from the denominator so vendors are not penalized for sector-inapplicable axes. The vendor's primary sector amplifies the most relevant axes — healthcare vendors weight Section 1557 ×2, legal vendors weight ABA Op 512 ×2, banking vendors weight SR 11-7 ×2 — so the composite reflects what matters in the actual buying context.
Disagree with this scoring?
EFROS publishes scoring rationale per cell with a public source. If you have evidence that a specific axis should score differently — a new BAA, a new certification, a documented policy change — submit a formal challenge below. We re-score and publish the result with the next quarterly edition (or as a mid-quarter changelog entry if the change is material).
Disagree with a score?
Every cell in the EFROS Index is source-cited. If you have a public source that contradicts a score for Suki AI, submit a formal challenge — we re-verify against the source and respond within 14 days.