PHI UploaderSecure healthcare intake
FeaturesSecurityPricingContact
Sign inRequest pilot access
FeaturesSecurityPricingContactSign inRequest pilot access
Security Overview

How PHI Uploader Protects Document Intake

PHI Uploader is designed to support HIPAA-regulated document intake workflows once the BAA, customer Workspace BAA, platform owner approval, onboarding checklist, and customer controls are complete.

Request BAA ReviewPrivacy Policy

BAA-first onboarding

Production PHI workflows are gated behind customer BAA readiness, customer Workspace BAA attestation, and platform owner PHI approval.

Protected request links

Recipients use a request link plus a separately shared access code before submitting documents.

Private encrypted staging

Uploads are staged in private storage before scanning and delivery. Staging is configured with lifecycle cleanup.

Malware scanning

Files are scanned before clean delivery. Suspicious or failed files are not delivered as clean records.

Controlled Drive delivery

Approved files and the generated PDF summary are delivered to the customer-approved Google Drive destination.

Audit-ready workflow

Request, upload, delivery, purge, BAA, Drive, and admin actions create PHI-safe audit events.

Data lifecycle

Where Documents Go

1

A healthcare organization creates a request packet and sends the secure link with a separate access code.

2

The recipient verifies the access code and completes the requested answers and documents without creating an account.

3

Files are uploaded into private staging and marked ready for processing.

4

The processing workflow scans each staged file before Drive delivery.

5

Clean files and the PDF summary are delivered to the configured customer Drive destination.

6

Temporary staging is cleaned up and raw answer values are purged after the PDF summary is uploaded.

Access

Who Can Access Files

Customer users

Authorized customer users control the destination Drive folder and downstream access after files are delivered.

Platform operations

Platform access is limited to operating, securing, supporting, and maintaining the service under the applicable agreement and BAA.

Boundaries

What PHI Uploader Does Not Replace

  • It is not an EHR, patient portal, emergency communication system, or long-term medical records archive.
  • It does not replace the customer's HIPAA policies, workforce training, access reviews, notices, or downstream retention process.
  • It reduces temporary application-held data where configured, but delivered files remain under the customer's Drive and internal controls.

HIPAA Positioning

No software is automatically HIPAA compliant on its own. PHI Uploader provides technical and operational safeguards for secure intake, while the customer remains responsible for its own HIPAA program, Google Workspace configuration, users, devices, Drive permissions, and downstream handling of records.

PHI UploaderSecure document requests for healthcare workflows.
FeaturesPricingContactHelpSecurityTermsPrivacyBAA