Built to clear a security review.
We build systems that act on scheduling and billing data, so how we handle that data is part of the product, not an afterthought. Here is exactly how we treat patient information, and what we will share with your IT and security team.
HIPAA-compliant by design
Compliance is built into every system from the first session, not bolted on at the end. We design around the minimum data needed to do the job, and patient data never ends up somewhere it should not.
BAAs before any PHI
Anyone on our team who touches protected health information works under a business associate agreement, signed before access. There is no such thing as a HIPAA certification, so be careful with any vendor that claims one.
Least-privilege access
Access is limited to the people who need it for the work in front of them, and revoked when the work is done. Patient data is encrypted in transit and at rest.
Human in the loop
The AI employee drafts the work. A clinician or staff member validates every output before it counts. Nothing changes a record or a claim without a person approving it first.
Audit logs
Systems we build record who did what and when, so a multi-location group can answer an audit or a payer inquiry with a report instead of a scramble.
Built in your environment, so you can offboard cleanly
The code, the accounts, and the data live in your environment, not ours. Ending the engagement never means handing control of patient data to anyone, including us.
SOC 2 Type II is on our roadmap.
We are not going to claim a report we do not hold. We operate today under HIPAA and signed BAAs, with the controls above, and we are building toward a SOC 2 Type II audit as we scale into larger platforms.
If your diligence requires it, we will walk your team through our current controls, our data-flow diagrams, and our timeline, and we will sign a BAA before any work touches patient data. Ask us, and we will tell you exactly where we stand.
What your security team can ask for.
On request, and under NDA where appropriate, we will provide:
- Our BAA template
- Data-flow diagrams showing where patient data lives and moves
- Our current security controls and access policies
- Our SOC 2 roadmap and timeline
