Security & Compliance

Your patient data is protected at every step. Here's exactly how.

How We Protect PHI

📤 Upload → 🔍 DLP Scrub → 🏷️ Token Map (72h TTL) → 🤖 LLM (masked only) → 📝 Draft → 👨‍⚕️ Human Review → 📋 Export (PHI restored)

PHI never leaves the secure boundary. The LLM only sees de-identified tokens.

Security Measures

๐Ÿ” GCP DLP API

Google Cloud Data Loss Protection API detects and classifies PHI (names, SSNs, DOBs, phones, emails, addresses) with enterprise-grade accuracy.

๐Ÿท๏ธ Token Maps (72h TTL)

PHI is replaced with deterministic crypto-hash tokens. Token maps are stored separately and auto-purged after 72 hours.

๐Ÿข Firestore Org Isolation

Every organization's data is physically separated in Firestore. Cross-tenant access is blocked at the database rule level.

๐Ÿ” Multi-Factor Authentication

MFA is required for all users. Firebase Auth enforces authentication before any data access.

📋 BAA with Google Cloud

Business Associate Agreement executed with Google Cloud. Vertex AI model training is explicitly disabled.

📊 7-Year Audit Trail

Every PHI access, status change, and user action is logged with timestamps and IP addresses. Logs are immutable.

๐Ÿ‘จโ€โš•๏ธ Human-in-the-Loop

AI drafts appeals but never sends them. Every appeal must be reviewed and approved by a credentialed human reviewer.

🔒 Encryption

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Firebase and GCP handle encryption automatically.

HIPAA Compliance Checklist

  • ✓ HIPAA Security Rule — Administrative, physical, and technical safeguards implemented.
  • ✓ HIPAA Privacy Rule — PHI is de-identified before any processing. Minimum necessary standard enforced.
  • ✓ BAA Executed — Business Associate Agreement with Google Cloud in place.
  • ✓ No Model Training on PHI — Vertex AI model training is explicitly disabled. Only de-identified data reaches the LLM.
  • ✓ Audit Trail — All PHI access logged with user ID, timestamp, and IP address. 7-year retention.
  • ✓ Human-in-the-Loop — No auto-send. Every appeal reviewed by credentialed clinical reviewer.
  • ✓ Data Encryption at Rest — AES-256 encryption via Google Cloud infrastructure.
  • ✓ Data Encryption in Transit — TLS 1.3 for all data transfers.
  • ✓ Access Controls — Role-based access (Super Admin, Org Admin, Reviewer). Org-scoped data isolation.
  • ✓ Breach Notification — Audit logs enable rapid breach detection and notification per HIPAA requirements.

What Happens to Your Data

1. Upload

Denial letter and clinical notes are uploaded. Data is encrypted in transit and at rest.

2. Scrub (PHI Replaced)

GCP DLP API detects all PHI. Each identifier is replaced with a deterministic token. Original values are stored in a separate token map.

3. Draft (Masked Data Only)

Only de-identified text (with tokens) is sent to Vertex AI. The LLM never sees real patient data.

4. Review (Human Approves)

A credentialed reviewer edits and approves the draft. No auto-send.

5. Export (PHI Restored)

Token map restores original PHI into the approved appeal. PDF is generated and downloaded.

6. Token Map Purged (72h)

Token maps are automatically deleted after 72 hours. Audit logs are retained for 7 years.

Frequently Asked Questions

Is my data used for AI training?

No. Vertex AI model training is explicitly disabled in our GCP project. Only de-identified data (with PHI replaced by tokens) ever reaches the LLM. Google's BAA confirms that customer data is not used for model training.

Who can see patient data?

Only credentialed reviewers within your organization can see patient data. Access is controlled by Firestore security rules that enforce org-level isolation. Super admins can access all orgs within their tenant. All access is logged.

What happens if the system fails?

If DLP scrubbing fails, the system falls back to a local regex-based PHI matcher. If both fail, processing halts and the appeal status is set to "error." No raw PHI is ever sent to the LLM. An admin notification is triggered for manual review.
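As an added illustration of the scrub, restore and purge steps in "What Happens to Your Data" and of the fail-closed behaviour described in this answer, here is example code written for this page. It is not MEO Appeal Writer's own implementation and does not call the real DLP API: a constructed stub stands in for an unavailable DLP call, a constructed regex matcher stands in for the local fallback, and the per-organization HMAC key is assumed to come from a key store outside the code. Names such as `scrub`, `restore`, `TokenMap` and `purge_expired` are this example's own.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Tuple

TOKEN_MAP_TTL = timedelta(hours=72)       # the 72h TTL stated on the page
Finding = Tuple[str, int, int]            # (info_type, start, end) in the input text
Detector = Callable[[str], List[Finding]]


class ScrubError(RuntimeError):
    """Raised when scrubbing cannot complete; the caller halts instead of proceeding."""


# Constructed stand-in for the local regex-based fallback matcher. It only covers
# structured identifiers; free-text names are what the DLP service adds on top.
_LOCAL_PATTERNS = {
    "US_SOCIAL_SECURITY_NUMBER": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL_ADDRESS": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "PHONE_NUMBER": re.compile(r"\b\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"),
    "DATE": re.compile(r"\b(?:0[1-9]|1[0-2])/(?:0[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b"),
}


def local_regex_detector(text: str) -> List[Finding]:
    """Fallback detector: non-overlapping findings, sorted by position."""
    found = sorted(
        ((t, m.start(), m.end()) for t, p in _LOCAL_PATTERNS.items() for m in p.finditer(text)),
        key=lambda f: (f[1], -f[2]),
    )
    result: List[Finding] = []
    last_end = -1
    for f in found:
        if f[1] >= last_end:              # drop overlaps, keep the earliest/longest match
            result.append(f)
            last_end = f[2]
    return result


def dlp_detector_unavailable(text: str) -> List[Finding]:
    """Constructed stand-in for a DLP API call that fails (network error, quota, etc.)."""
    raise ConnectionError("DLP API unreachable (constructed failure)")


def make_token(org_key: bytes, info_type: str, value: str) -> str:
    """Deterministic keyed token: the same value maps to the same token within one org,
    but the token cannot be reproduced without the org's key (HMAC, not a bare hash)."""
    digest = hmac.new(org_key, f"{info_type}\x00{value}".encode(), hashlib.sha256).hexdigest()
    return f"[[{info_type}:{digest[:12]}]]"


@dataclass
class TokenMap:
    """Stored separately from the masked text; maps token -> original PHI value."""
    org_id: str
    created_at: datetime
    entries: Dict[str, str] = field(default_factory=dict)

    def expired(self, now: datetime) -> bool:
        return now >= self.created_at + TOKEN_MAP_TTL


def scrub(text: str, org_id: str, org_key: bytes, detectors: List[Detector], now: datetime) -> Tuple[str, TokenMap]:
    """Try detectors in order (DLP first, regex fallback second); fail closed if all fail."""
    findings = None
    for detector in detectors:
        try:
            findings = detector(text)
            break
        except Exception:
            continue                      # fall through to the next detector
    if findings is None:
        raise ScrubError("all PHI detectors failed; halting before any LLM call")
    token_map = TokenMap(org_id=org_id, created_at=now)
    out, cursor = [], 0
    for info_type, start, end in findings:
        value = text[start:end]
        token = make_token(org_key, info_type, value)
        token_map.entries[token] = value
        out.append(text[cursor:start])
        out.append(token)
        cursor = end
    out.append(text[cursor:])
    return "".join(out), token_map


def is_safe_for_llm(masked: str) -> bool:
    """Boundary check before the model call: re-run the local detector on the masked text."""
    return local_regex_detector(masked) == []


_TOKEN_RE = re.compile(r"\[\[[A-Z_]+:[0-9a-f]{12}\]\]")


def restore(masked: str, token_map: TokenMap, now: datetime) -> str:
    """Export step: put the original PHI back; refuses once the map has passed its TTL."""
    if token_map.expired(now):
        raise ScrubError("token map expired; PHI cannot be restored")
    return _TOKEN_RE.sub(lambda m: token_map.entries.get(m.group(0), m.group(0)), masked)


def purge_expired(store: Dict[str, TokenMap], now: datetime) -> List[str]:
    """Scheduled job: delete every token map older than the TTL; returns the purged ids."""
    purged = [k for k, tm in store.items() if tm.expired(now)]
    for k in purged:
        del store[k]
    return purged


def run_pipeline_demo() -> dict:
    """End-to-end walk-through on a constructed clinical note; DLP is simulated as down."""
    key = b"constructed-per-org-secret"  # assumption: per-org key held in a KMS, not in code
    note = "Patient DOB 01/15/1980, SSN 123-45-6789, phone 555-123-4567, email jane@example.com."
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    masked, tmap = scrub(note, "org-1", key, [dlp_detector_unavailable, local_regex_detector], t0)
    restored = restore(masked, tmap, t0)
    store = {"appeal-42": tmap}
    purged = purge_expired(store, t0 + timedelta(hours=73))
    try:
        scrub(note, "org-1", key, [dlp_detector_unavailable], t0)   # every detector fails
        halted = False
    except ScrubError:
        halted = True
    try:
        restore(masked, tmap, t0 + timedelta(hours=72))           # past the TTL
        late_restore_refused = False
    except ScrubError:
        late_restore_refused = True
    return {"note": note, "masked": masked, "map_size": len(tmap.entries),
            "safe_for_llm": is_safe_for_llm(masked), "restored": restored, "purged": purged,
            "halted_when_all_fail": halted, "late_restore_refused": late_restore_refused}


if __name__ == "__main__":
    for k, v in run_pipeline_demo().items():
        print(f"{k}: {v}")
```

The tokens are keyed (HMAC) rather than a plain hash of the value: an unkeyed hash of a low-entropy identifier such as an SSN could be matched against a precomputed table, so the key is what makes a leaked masked document safe on its own. The `is_safe_for_llm` gate re-checks the masked text at the boundary rather than trusting the scrub step, and `restore` refuses after the TTL so an expired map is never relied on.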

How long is data retained?

Token maps: Auto-purged after 72 hours.
Audit logs: Retained for 7 years (HIPAA requirement).
Appeals: Retained until deleted by an org admin.
Uploaded files: Retained until the associated appeal is deleted.

Is data encrypted?

Yes. All data is encrypted at rest using AES-256 (managed by Google Cloud) and in transit using TLS 1.3. Firebase Auth tokens are signed and encrypted. No plaintext data is ever logged.

๐Ÿ” Bring MEO Appeal Writer to Your Organization

Need custom compliance configurations, dedicated support, or enterprise deployment? MEO Advisors provides hands-on implementation, white-label options, and ongoing compliance management for healthcare organizations of any size.

Visit meoadvisors.com