Skip to main content
All CollectionsPrivacy and securityGeneral privacy information
Can Upheal access clients' information stored on the platform?
Can Upheal access clients' information stored on the platform?
Aviva Glassman avatar
Written by Aviva Glassman
Updated over 2 weeks ago

How does Upheal keep protected health information (PHI) safe?

Personal data including protected health information (PHI) processed by the Upheal platform is stored in a pseudonymized format. This means that personal data is not stored in its original form but is instead replaced with a pseudonym or a random identifier. This process ensures that personal data is not directly identifiable, reducing the risk of unauthorized access to sensitive information.

For confidentiality of client information, Upheal implements a strong security culture and access management protocols to effectively prevent unauthorized access to personal data. Access to personal data is strictly controlled and limited to individuals who require access to perform their job functions. All access to personal data is logged and monitored, and access rights are reviewed regularly to ensure that they are appropriate and up-to-date.

When can Upheal access my clients’ protected health information?

Upheal only accesses a client’s protected health information (PHI) when it’s necessary in investigating a technical issue that you report to Upheal Support. Most technical problems are solved without any access to PHI, but sometimes, we need to see some details to understand exactly what went wrong. The Upheal Support team who may access PHI are HIPAA-trained engineers and act in line with our SOC 2 Type II attestation. They do not share, sell, or expose your data to others.

Reporting a technical issue includes:

  • Reaching out to Support in the Upheal web app or by email.

  • Giving a note or note section a low rating — You may opt out of transcript and note access per individual note.

What happens when Upheal accesses my client’s PHI to investigate a technical problem?

When you report a technical problem that requires access to PHI, a HIPAA-trained engineer who works for Upheal — a human, not AI or a computer system — manually inspects only the personal data necessary to investigate and solve the issue. The personal data accessed is not used for anything besides solving the problem. As soon as the issue is resolved, Upheal immediately stops accessing the PHI.

Did this answer your question?