Security & PHI

Keep sensitive records out of the public website.

The PRP website, scheduling pages, and claim-fit review are designed for business-level information only. Patient records move through a separate onboarding workflow.

Do not submit PHI here

Never place patient names, dates of birth, member IDs, claim numbers, or clinical documents into a public or scheduling field.

Before onboarding

Business information only

PRP can begin with specialty, payer mix, approximate claim volume and value, supported pathway, and documentation readiness. None of those questions requires a patient identifier.

Before PHI exchange

Contract and secure intake

When the relationship requires PRP to receive protected health information, the parties establish the appropriate services agreement, business associate agreement, and secure intake method first.

During operations

Purpose-limited handling

PRP’s operating model is designed around controlled access, minimum-necessary use, defined workflow ownership, and exchange through approved systems rather than public forms or ordinary scheduling tools.

Client validation

Review before launch

Security requirements, system access, document exchange, retention, and client-specific controls are reviewed as part of implementation.

Authoritative reference

Business-associate obligations are contractual and operational.

HHS explains that covered entities and business associates generally use written agreements that define permitted uses of PHI and require appropriate safeguards.

Review HHS business-associate guidanceThis page does not represent SOC 2 certification or any other third-party security certification.

Security review

Align the intake and access model before records move.

Start with business-level information; PRP will identify the appropriate next step.

Request a claim review