Every decision, from database design to API structure, treats patient data protection as the first constraint, not an afterthought.
PHI is encrypted at rest with AES-256 and in transit over TLS 1.2+. Encryption keys are managed through secure infrastructure.
Row-level security at the database layer means no practice can ever access, query, or view another practice's data.
Role-based controls at the application and database layers. People see only the data their role requires.
Every access to PHI is logged with user, action, timestamp, and records, retained at least six years for review.
MFA for administrative access, short-lived sessions with automatic expiry, and enforced password complexity.
A documented plan with defined escalation paths and breach-notification timelines compliant with HIPAA.
A user uploads a referral or fills the form. Data travels over TLS 1.2+ to Tether's API, validated and sanitized server-side.
AI extracts structured patient data in an isolated environment. The original document is stored encrypted; extracted data is written to the practice's isolated rows.
If the receiving practice is on Tether, the referral appears instantly over encrypted channels. If not, a HIPAA-compliant e-fax is sent with delivery confirmation.
Both sides see status in real time, every change logged. When the visit completes, the referring provider is notified and the record is closed.
Data is retained to healthcare record requirements. Practices can request export or deletion; deletion is verified and logged.
Tether executes a BAA with every practice before any PHI is processed, at no additional cost. Our BAA covers referral data, patient communications, and document storage.
Questions about our security practices? Email support@tetherhealth.co
We're happy to walk your team through the architecture and share our BAA before you commit to anything.
Request a demo →