Security

Plain answers about how we protect health records. Questions? Ask us directly.

Encrypted in transit and at rest

Connections use TLS. Stored documents are encrypted at rest with managed keys.

Every access is logged

Views, changes, and downloads are written to an audit log that cannot be edited.

You control who sees what

Role based access limits each team member to the cases they work on. Patients approve every release.

BAA available for covered entities

We sign Business Associate Agreements with covered entities and their business associates.

Separate logins for patients and teams

Patients and staff sign in through separate identity systems. A patient login can never open a workspace.

Single use, expiring links

Approval and upload links work once, expire on a schedule, and can be revoked at any time.

See also our Privacy Policy and Terms of Service.