PHI, handled the way your compliance officer would want
AppealNest is a HIPAA Business Associate. Protecting patient information isn't a feature we bolted on — it's how the product is built, end to end.
A BAA across the whole chain
AppealNest signs a Business Associate Agreement with your practice, and every service in our stack that could touch PHI operates under a BAA in turn — our LLM provider (on zero-data-retention endpoints), our cloud host, and our storage. PHI never flows to a service that hasn't signed one.
Encrypted at rest and in transit
Uploaded EOBs, chart notes, and generated letters are encrypted in storage (server-side encryption) and travel only over TLS. Download links are short-lived and single-purpose. We keep the minimum necessary — we ask for a practice's own patient reference, not the patient's name.
Every access is logged
An append-only audit trail records who viewed, uploaded, or downloaded each document, and when. Practice admins can review it at any time — the evidence you need for your own compliance program.
A human signs every appeal
AppealNest drafts; your licensed staff reviews, edits, and signs. The product never submits an appeal on its own. This isn't just a safety rail — it's how a payer-acceptable, accountable appeal is supposed to work.
Grounded drafting — no invented facts
The AI writes only from the documents you upload. It quotes your actual chart note and charting; it does not fabricate clinical findings. Missing evidence is surfaced as a checklist item, never papered over.
No payer-portal automation, ever
AppealNest does not log into, scrape, or automate any payer or plan portal. Denial data enters only through what your practice uploads or forwards, or through clearinghouse APIs built for third parties. We respect payer terms of service by design.
Questions from your compliance team?
We'll provide our BAA and answer the security questionnaire before you upload a single document. Start the trial with synthetic data if you'd rather see it work first.