A records-request platform for personal injury firms and the clinics that serve them. Every request tracked, every authorization on file, every action audited — with a trail that holds up in court.
| Provider | Sent | Status | Age | Fee |
|---|---|---|---|---|
| Jackson Memorial Hospital HIM · Fax 305-585-6789 | Apr 03 | Received | 17d | $124.00 |
| Miami Orthopaedic Group Portal · MyChart | Apr 03 | Received | 9d | $48.00 |
| Coral Gables Imaging Fax · 305-442-1104 | Apr 05 | Follow-up | 14d | — |
| Vargas Chiropractic Direct · Clinic | Apr 05 | Received | 4d | $26.00 |
| Mount Sinai Pain Mgmt. Mail · Records Dept. | Apr 07 | Overdue | 24d | — |
| Dr. L. Okafor, M.D. Fax · 305-390-2277 | Apr 07 | Sent | 12d | — |
Designed for the paralegal running eighty cases and the clinic office manager fielding the faxes those cases generate. Simple enough to learn in a morning.
Every records request — firm-submitted or clinic-logged — captured with the patient, requester, authorization, and status in one place.
Clinics log incoming fax and mail requests, mark authorizations as received, and record records sent with pages and fees.
Upload the signed HIPAA release, match it to the request, enforce its presence before records are released.
When records are complete, a seven-part brief — overview, injury, treatment, findings, billing, red flags, strength — compiled for partner review.
Every action, every actor, every timestamp — recorded permanently at the database layer. Never modified, never deleted.
Owners, admins, staff, attorneys, paralegals — each sees what their role requires, nothing more. Scoped per organization.
Each step produces a dated artifact the next step depends on. Nothing is reconstructed from memory.
When the final request is fulfilled, the system compiles a structured brief the attorney can review in fifteen minutes — organized exactly as a demand letter is.
Overview, injury, treatment timeline, diagnostic findings, billing, red flags, strength.
Each statement cites the document and page it was drawn from.
Nothing exports without a human sign-off on the review screen.
Patient, requester, jurisdiction — one canonical record.
Firm submits, or clinic logs an incoming fax or mail.
Authorization received, records sent, fees reconciled.
Seven-part summary, reviewed and exported.
Everything PHI-adjacent is encrypted, logged, scoped, and available for audit.
Administrative, physical, and technical safeguards. BAAs with every sub-processor.
AES-256 at the storage layer. Key material isolated from the application database.
Patient identifiers encrypted with authenticated AES-GCM before they hit the database row.
Modern ciphers only. HSTS. HttpOnly cookie authentication — no client-side token handling.
Every PHI-touching write logged with actor, timestamp, and before/after state. Enforced at the database.
Tenant scoping enforced at the query layer, verified by automated tests on every model.
From logging a request to delivering the summary brief. Coming as soon as every feature shown is final.