HIPAA Compliance
Revdoku accounts can be used in a HIPAA-compliant mode for organizations that handle protected health information (PHI) as part of their document review workflows.
HIPAA compliance is available as part of a selected Revdoku subscription plan. When enabled, HIPAA-compliant mode includes:
- Encryption — AES-256 at rest, TLS 1.2+ in transit
- Enforced 2FA - every account is required to use two-factor authentication
- HIPAA AI models - only HIPAA-compliant AI models from verified AI providers (BAA signed)
- Access controls — Role-based access with unique user IDs and automatic session timeouts
- Audit logging — detailed audit trails for access and actions
- Data retention controls — extended retention of data and audit logs
- Minimum necessary access — System-enforced limits
- Optional on-premises hosting - host the application on your own infrastructure
Business Associate Agreement (BAA)
We have a BAA signed with our compute, storage, and AI providers.
Signing a BAA with your organization — coming soon. Contact us for details and timeline.