Security & HIPAA - ResolveRCM

Our Position

ResolveRCM is PHI-aware but not a PHI custodian. We do not store Protected Health Information on our servers.

Key Safeguards

Automated redaction of PHI during intake — PHI entered during processing stages is automatically detected and redacted
No server-side storage of PHI — Patient identifiers never leave your browser until final export
Final exports generated locally — Documents with PHI are assembled entirely on your device
Secure infrastructure and access controls — Enterprise-grade security for our platform and data

HIPAA

ResolveRCM does not act as a Business Associate and does not store PHI on its systems. Users are responsible for HIPAA compliance related to locally stored exports.

Our architecture is designed with HIPAA's "minimum necessary" principle in mind — we only process de-identified clinical information necessary to generate appeal documentation.

Data Flow

User enters de-identified clinical facts (no PHI)
AI generates appeal content with placeholder tokens
PHI stored in browser's local storage is merged client-side
Final document is exported directly to user's device

Contact

For security inquiries, contact us at:

Email: support@resolvercm.com