Security & Compliance
Operationally boring, by design.
Healthcare-grade controls, written down where you can find them. SOC 2 Type II is in progress. HIPAA BAA available on request for Firm-tier customers.
Data isolation
Every query is scoped by company. Clients only ever see their own portfolio. Reviewers only see cases assigned to them.
Encryption
TLS 1.2+ in transit. AES-256 at rest via the database provider. Backups encrypted with separate keys.
Audit trail
Every case state change, every reviewer assignment, every report generation is logged with actor, timestamp, and payload.
Access control
Role-based access enforced in middleware AND in every API route. Admin, client, reviewer — three roles, no overlap.
Privacy
Perspectiv processes patient-related data only as a Business Associate on behalf of FQHC and review-firm Covered Entities. We do not sell or share data with third parties for marketing purposes. Full privacy notice available on request.
Terms
Standard MSA + DPA available on request. Pilot agreements run on a one-batch term and convert to annual at renewal.