Trust Center
Operational, never clinical.
In behavioral healthcare, the compliance story is the trust story. RVKAI works exclusively on the administrative side of admissions, HIPAA compliant, with a BAA signed day one and a human always in the loop.
Built to follow
HIPAASOC 242 CFR Part 2HITECH
Trust Ledger
The facts your compliance team checks
HIPAA Compliant
PHI protected at rest and in transit
BAA Signed Day One
Executed before deployment begins
Uptime SLA
Mission-critical reliability
Human In The Loop
Every clinical handoff stays human
Operates on
Capture, routing, scheduling, eligibility, follow-up.
Never touches
Diagnosis, clinical eligibility, treatment decisions.
Every handoff to a clinical team member is deliberate and documented.
Standards
Compliance Standards
Built to follow healthcare industry security and privacy standards
HIPAA Compliance
Full compliance with the Health Insurance Portability and Accountability Act. We protect PHI with the highest standards.
Business Associate Agreements (BAA)
PHI encryption at rest and in transit
Minimum necessary access controls
Audit logs and monitoring
Breach notification procedures
SOC 2 Aligned
Security controls designed to meet SOC 2 standards for service organizations, covering security, availability, and confidentiality.
Ongoing security assessments
Security controls verification
Availability monitoring
Processing integrity checks
Confidentiality assurance
42 CFR Part 2
Designed with 42 CFR Part 2 standards in mind, providing additional privacy protections for substance use disorder treatment records.
Stricter consent requirements
Enhanced record protections
Limited disclosure rules
Specialized staff training
Audit trail requirements
Risk Profile
Security Risk Profile
Transparent risk assessment reflecting our commitment to protecting sensitive healthcare data
Data Access Level
Restricted
Access to sensitive data is tightly controlled and limited to authorized personnel only.
Impact Level
Severe
We recognize the critical nature of healthcare data and maintain the highest protection standards.
Recovery Time Objective
Immediate
Our systems are designed for immediate recovery to ensure zero downtime for critical operations.
Product Security
Product & Data Security
Multi-layered security controls protecting every aspect of our platform
Audit Logging
Comprehensive audit trails for all system access, data modifications, and administrative actions.
Data Security
AES-256 encryption at rest and TLS 1.3 in transit for all sensitive data.
Multi-Factor Auth
Required MFA for all system access and admin functions.
Role-Based Access
Granular permissions ensure minimum necessary access at every level.
Access Monitoring
Real-time monitoring of all access events with automated alerting for anomalies.
Responsible Disclosure
Formal vulnerability disclosure program for ethical reporting of security issues.
Infrastructure
Infrastructure Security
Enterprise-grade infrastructure with continuous monitoring and physical safeguards
Secure Infrastructure
Best-in-class infrastructure providers with enterprise-grade secure computing and storage.
Network Security
Corporate network protected against external and internal threats with defense-in-depth.
Endpoint Security
Industry best practices for endpoint security across all company devices.
Continuous Monitoring
Systems continuously monitored for security threats and vulnerabilities 24/7.
Physical & Environmental
Access monitoring, alarm systems, surveillance, and controlled alternate work sites.
Regular Audits
Quarterly penetration testing, security assessments, and self-assessment questionnaires.
Organizational
Organizational Security
Comprehensive policies, processes, and teams dedicated to maintaining security at every level
Corporate Security
Internal measures and practices to maintain a high standard of organizational security.
Incident Response
Dedicated team responding to security incidents with defined playbooks and escalation procedures.
Risk Management
Dedicated team managing security risks with ongoing assessment and mitigation strategies.
Asset Management
Strict asset management policies ensuring all assets are inventoried, tracked, and secure.
Business Continuity & DR
Business continuity plan ensuring continued operations in the event of a disaster.
Change Management
Changes are properly reviewed, approved, and documented through a formal process.
AI Security & Governance
Our AI systems are built with security-first principles. We maintain strict data handling protocols for all AI interactions, ensuring patient information is never used for model training without explicit consent. All AI-generated outputs are monitored, logged, and subject to the same compliance standards as human interactions.
Data isolationPrompt securityOutput monitoringConsent management
Commitment
Our Commitment
Compliance is not just a checkbox, it's embedded in our culture and operations
Staff Training
All team members complete security awareness and HIPAA training to ensure best practices.
BAA Agreements
We sign Business Associate Agreements with all clients handling protected health information.
Compliance Team
Dedicated compliance officers ensure ongoing adherence to all regulatory requirements.
ESG Commitment
Environmental, social, and governance considerations are embedded in our operations and decisions.
Data Privacy
Customer data privacy is top of mind. We follow industry best practices and all applicable regulations.
Legal Oversight
Legal counsel reviews all commercial activities. We take legal matters seriously at every level.
Explore our full Trust Center
Start your security review, view and download documentation, and request access to detailed security reports and self-assessments.