BAA-first onboarding
Production PHI workflows are gated behind customer BAA readiness, customer Workspace BAA attestation, and platform owner PHI approval.
PHI Uploader is designed to support HIPAA-regulated document intake workflows once the BAA, customer Workspace BAA, platform owner approval, onboarding checklist, and customer controls are complete.
Production PHI workflows are gated behind customer BAA readiness, customer Workspace BAA attestation, and platform owner PHI approval.
Recipients use a request link plus a separately shared access code before submitting documents.
Uploads are staged in private storage before scanning and delivery. Staging is configured with lifecycle cleanup.
Files are scanned before clean delivery. Suspicious or failed files are not delivered as clean records.
Approved files and the generated PDF summary are delivered to the customer-approved Google Drive destination.
Request, upload, delivery, purge, BAA, Drive, and admin actions create PHI-safe audit events.
A healthcare organization creates a request packet and sends the secure link with a separate access code.
The recipient verifies the access code and completes the requested answers and documents without creating an account.
Files are uploaded into private staging and marked ready for processing.
The processing workflow scans each staged file before Drive delivery.
Clean files and the PDF summary are delivered to the configured customer Drive destination.
Temporary staging is cleaned up and raw answer values are purged after the PDF summary is uploaded.
Authorized customer users control the destination Drive folder and downstream access after files are delivered.
Platform access is limited to operating, securing, supporting, and maintaining the service under the applicable agreement and BAA.
No software is automatically HIPAA compliant on its own. PHI Uploader provides technical and operational safeguards for secure intake, while the customer remains responsible for its own HIPAA program, Google Workspace configuration, users, devices, Drive permissions, and downstream handling of records.