Trust guide
Trust, security, and data request explanation
Trust copy should explain what is documented, what is available for review, and what is not claimed.
What a trust review should cover
Who can access record materials and under what role.
How upload, review, authorization, and sharing are separated.
How deletion, correction, privacy, billing, and authorization questions are routed.
What evidence is public and what requires partner, security, or legal review.
Which claims are not made without verified evidence.
Trust topics
Access control, private paths, share expiry, and download limits where implemented.
Data request paths and patient-authorized sharing.
Public evidence and review boundaries, not certification claims.
Provider and processing topics for review, not medical quality claims.
What this is not
- It is not a certification, legal approval, hospital approval, or launch-readiness claim.
- It does not make robots.txt a privacy control for sensitive routes.
- It does not approve real cross-border PHI workflows without the required evidence gates.
FAQ
Where should data requests start?
Use the public compliance or contact path for deletion, correction, privacy, billing, or authorization questions.
Can trust copy say certified?
Only if verified certification evidence exists and is approved for public use. Otherwise the copy should describe review topics and controls.