How We Protect Customer Data
RunRevenue is designed to help healthcare businesses collect reviews, referrals, and feedback without exposing sensitive customer information. We take data security seriously and follow HIPAA-aligned best businesses to protect both business and customers. This page explains how we approach security and compliance at a high level.

What Data RunRevenue Uses (and Doesn’t Use)
RunRevenue is not an electronic health record (EHR) system.We do not store medical histories, diagnoses, treatment notes, or insurance detailsWe do not access clinical charts or customer health recordsWe only process the minimum information required to send post-visit communications

Typical data may include:
• First name
• Contact information (email or phone)
• Visit timing or service category (when provided)

HIPAA-Aligned by Design
RunRevenue is built to support HIPAA-aligned workflows by minimizing risk and limiting exposure. Our approach includes:
• Data minimization (only what’s necessary)
• Role-based access controls
• Activity logging for sensitive actions
• Secure message delivery practices
• For practices that require it, Business Associate Agreements (BAAs) are available upon request.

Data Security Practices
We implement industry-standard safeguards to protect data at every stage.
• Encryption. Data encrypted in transit using TLS
• Data encrypted at rest using modern encryption standards
• Access Controls. Restricted system access
• Authentication and authorization requirementsInternal access limited to essential personnel only
• Monitoring & Logging. System activity monitoring
• Audit logs for key actions.
• Ongoing review of access patterns
• Infrastructure & Reliability. RunRevenue operates on secure, reputable cloud infrastructure with: Redundant systems; Regular security updates; Ongoing monitoring for vulnerabilities.

We continuously review and improve our security posture as standards evolve.

Your Role as a Business
RunRevenue provides the platform and safeguards. Businesses remain responsible for:
• Obtaining appropriate customer consent
• Ensuring accuracy of customer contact informationUsing the platform in accordance with applicable regulations
• We provide guidance and best businesses during onboarding to support compliant use.

Transparency & Trust
• We believe security should be clear, not confusing.
• If you have specific compliance requirements, work with a DSO, or need documentation for internal review, our team is happy to help.

Questions?
If you have questions about security, HIPAA alignment, or BAAs, please contact us through the site or request a short walkthrough.