Effective Date: June 10, 2026 · Last Updated: June 10, 2026
PatientTrac Revela ("Revela", "we", "us") is a HIPAA-compliant electronic medical record (EMR) platform for plastic and reconstructive surgery. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with our services.
Revela operates as a HIPAA Business Associate and/or Covered Entity depending on deployment context. All Protected Health Information (PHI) — including patient demographics, clinical documentation, operative notes, and surgical drawings — is:
Revela's AI features (clinical flags, surgical proposals, operative note assistance) are powered by Anthropic Claude. All AI calls are routed through server-side Netlify Functions. Patient PHI (name, DOB, SSN, MRN, address, insurance ID) is scrubbed before transmission to any AI model. A BAA with Anthropic is required before PHI-adjacent data flows to Claude API.
In compliance with the ONC 21st Century Cures Act, Revela maintains tamper-evident audit logs of all
PHI access, modifications, and AI interactions. Audit records are stored in cr.ai_audit_log
and include timestamp, provider ID, action, and encounter reference. No clinical content is logged.
Clinical records are retained for a minimum of 7 years from the date of last service (or 3 years after a minor patient reaches age 18, whichever is longer), consistent with applicable state and federal requirements.
Patients have the right to access, amend, and receive an accounting of disclosures of their PHI. Requests should be submitted in writing to the covered healthcare provider (your physician's practice).
Privacy Officer: privacy@patienttracforge.com
PatientTrac, LLC · HIPAA Compliance Department