HIPAA Compliance
Revdoku can be used in a HIPAA-compliant mode for organizations that handle protected health information (PHI) as part of their document review workflows.
HIPAA compliance is available as part of a standard Revdoku subscription. When enabled, HIPAA-compliant mode includes:
- Encryption: AES-256 at rest, TLS 1.2+ in transit
- Access controls: Role-based access with unique user IDs and automatic session timeouts
- Audit logging: Tamper-evident audit trails for all PHI access and actions
- Data retention controls: Configurable retention with secure deletion
- Minimum necessary access: System-enforced limits on PHI visibility by role
Business Associate Agreement
Enterprise customers are provided with a signed BAA on request. The BAA defines Revdoku's responsibilities for safeguarding PHI in accordance with HIPAA regulations.