Security
Plain answers about how we protect health records. Questions? Ask us directly.
Encrypted in transit and at rest
Connections use TLS. Stored documents are encrypted at rest with managed keys.
Every access is logged
Views, changes, and downloads are written to an audit log that cannot be edited.
You control who sees what
Role based access limits each team member to the cases they work on. Patients approve every release.
BAA available for covered entities
We sign Business Associate Agreements with covered entities and their business associates.
Separate logins for patients and teams
Patients and staff sign in through separate identity systems. A patient login can never open a workspace.
Single use, expiring links
Approval and upload links work once, expire on a schedule, and can be revoked at any time.
See also our Privacy Policy and Terms of Service.