The patient system, built HIPAA-first
Automated intake, AI-drafted conversations, follow-up, and reactivation — with real BAAs, real encryption, and AI that never sees raw patient identifiers. The relationship engine your practice already needed.
Marketing tech was built for e-commerce. Patient data needs a different shape — and a different threshold for trust
One system, the whole patient relationship
From first form to five-year recall — automated where it should be, human where it must be.
Consent & onboarding
New patient enters — consent captured, forms auto-populated, records requested.
Welcome sequence
Personalized onboarding messages, appointment prep, and first-visit expectations.
AI-drafted replies
Two-way messaging with AI drafts — every reply reviewed by a human before send.
Post-visit care
Automated recovery instructions, symptom check-ins, and satisfaction feedback.
Recall & retention
Recall for overdue visits, birthday touches, and lapsed-patient sequences.
How data actually flows
Every arrow encrypted. AI works from redacted content only. Every access logged — permanently.
The controls, mapped and audited
Every card below maps to a real HIPAA Security Rule requirement. Not marketing language — the actual code sections.
Access control
Unique user IDs, RBAC, automatic logoff, encryption & decryption enforced.
Audit controls
Immutable, tamper-evident audit trails for every PHI access and modification.
Integrity
PHI is protected against improper alteration or destruction with hash verification.
Authentication
Multi-factor authentication for every staff account, no shared credentials.
Transmission security
TLS 1.3 for every packet in transit — internal and external.
Security management
Documented risk analysis, sanction policy, and information system activity review.
Facility access
Physical safeguards at HIPAA-eligible cloud data centers — SOC 2 audited.
Breach notification
Defined incident response, notification timelines, and disclosure workflow.
Talks to your existing systems
Every major EHR and PMS — plus dozens more via documented APIs.
Don't see yours? If it has an API, we can integrate. Ask us on your intro call.
The paperwork you actually need
Compliance isn't a badge on a homepage. Here's the documentation we bring on day one.
Signed. Dated. Auditable
Everything below is on the table before we start work — not after you ask, not after you sign. If any item can't be produced, we'll tell you before you spend a dollar.
What we hold ourselves accountable to
These aren't marketing numbers. They're the operational commitments we sign into every BAA.
The PRM, answered
The questions practice owners and IT leads ask us most.
01
What exactly is a PRM and how is it different from a CRM?
Definition
A CRM (customer relationship manager) is built for e-commerce and B2B sales. A PRM (patient relationship manager) is built for regulated healthcare communication — it treats every message as potentially containing protected health information, applies HIPAA safeguards by default, and integrates with EHR and PMS systems that CRMs never touch.
02
Do you sign a Business Associate Agreement (BAA)?
Legal
Yes. A signed BAA is a prerequisite for any engagement — not an add-on. We sign yours before we touch a single record, and we can review edits from your counsel. Anyone offering a “HIPAA-compliant” system without a BAA is not actually offering one.
03
Where is patient data stored and how is it encrypted?
Security
Data is stored in U.S.-based, HIPAA-eligible cloud infrastructure with AES-256 encryption at rest and TLS 1.3 in transit. Access is role-based, audit-logged, and time-bounded. No PHI ever leaves the encrypted boundary except through explicit, logged patient-facing channels.
04
Does the AI ever see raw patient identifiers?
AI Safety
No. Before any message reaches an AI model for drafting, our redaction layer strips names, dates of birth, MRNs, and other identifiers, replacing them with tokens. The AI works from the redacted content only; the final message is reconstructed inside the encrypted boundary. Your practice sees the full text; the model never does.
05
What EHR and PMS systems do you integrate with?
Integrations
We integrate with any system that offers a documented API or standards-based interface — including Epic, Athena, Cerner, Dentrix, Open Dental, Practice Fusion, Eaglesoft, Kareo, and dozens more. Integration is a scoped part of onboarding; we won't promise it if we can't deliver it.
06
What happens to our data if we cancel?
Governance
You own your data. On cancellation, we export it in an open, structured format within 30 days, then permanently delete it from our systems with a signed certificate of destruction. No lock-in, no ransom clauses, no exceptions.
Want to see the PRM with your data?
Book a scoped demo — we'll walk your practice manager and your IT lead through the same interface your team would use, and answer every compliance question on the call.
See it with your workflow.
Book a 30-minute scoped demo. Bring your practice manager and your IT lead — we'll answer every compliance question live, and hand off a spec you can review with your counsel.