HIPAA COMPLIANT

Privacy Policy

Effective Date: June 10, 2026  ·  Last Updated: June 10, 2026

PatientTrac Revela ("Revela", "we", "us") is a HIPAA-compliant electronic medical record (EMR) platform for plastic and reconstructive surgery. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with our services.

1. Protected Health Information (PHI)

Revela operates as a HIPAA Business Associate and/or Covered Entity depending on deployment context. All Protected Health Information (PHI) — including patient demographics, clinical documentation, operative notes, and surgical drawings — is:

2. AI Services and PHI

Revela's AI features (clinical flags, surgical proposals, operative note assistance) are powered by Anthropic Claude. All AI calls are routed through server-side Netlify Functions. Patient PHI (name, DOB, SSN, MRN, address, insurance ID) is scrubbed before transmission to any AI model. A BAA with Anthropic is required before PHI-adjacent data flows to Claude API.

3. Audit Logging — ONC §170.315(d)(2)

In compliance with the ONC 21st Century Cures Act, Revela maintains tamper-evident audit logs of all PHI access, modifications, and AI interactions. Audit records are stored in cr.ai_audit_log and include timestamp, provider ID, action, and encounter reference. No clinical content is logged.

4. Data Retention

Clinical records are retained for a minimum of 7 years from the date of last service (or 3 years after a minor patient reaches age 18, whichever is longer), consistent with applicable state and federal requirements.

5. Your Rights (HIPAA Notice of Privacy Practices)

Patients have the right to access, amend, and receive an accounting of disclosures of their PHI. Requests should be submitted in writing to the covered healthcare provider (your physician's practice).

6. Contact

Privacy Officer: privacy@patienttracforge.com
PatientTrac, LLC  ·  HIPAA Compliance Department