Built for Healthcare
FaceSheetApp handles protected health information (PHI) and is designed from the ground up to meet the access, authentication, and data-handling requirements of HIPAA-covered entities.
Compliance
FaceSheetApp is purpose-built for healthcare practices that handle patient health information and operate under HIPAA requirements. Every aspect of the platform reflects that responsibility.
By design, FaceSheetApp does not store patient records in our system after each work session ends. Facesheet documents and extracted patient data are cleared at session close; they live in your EMR, not in FaceSheetApp's servers. This architectural decision was made specifically for HIPAA compliance and patient privacy. Your patient data belongs to your practice, not to us.
Every user account requires Microsoft multi-factor authentication (MFA). There are no exceptions and no workarounds: MFA is enforced for all access to patient data, every login.
Authentication is powered by Microsoft's enterprise identity platform, the same infrastructure used by thousands of hospitals and healthcare organizations worldwide.
Staff access is strictly role-based. Each user can only see and interact with the patient data and practices they are authorized for. Administrators control who has access and can revoke it instantly.
Each practice's data is completely isolated from all other customers. There is no shared data space: your patient information is accessible only to your authorized staff.
FaceSheetApp is available exclusively to healthcare providers and practices located in the United States. Patient data is processed and stored within US infrastructure.
All significant actions within FaceSheetApp (sessions, patient record changes, staff activity) are tracked. Practice administrators have visibility into who did what and when.
Our Commitments
FaceSheetApp processes only the patient data necessary to complete EMR entry. We do not build patient profiles, sell data, or use PHI for any purpose other than completing the task your staff authorizes.
Patient data handled by FaceSheetApp is never shared with third parties outside of your EMR integration. Your patient records stay between your practice and your EMR system.
All data transmitted through FaceSheetApp, including facesheet documents and patient records, is encrypted in transit. Sensitive credentials are never stored in plain text.
As a business associate under HIPAA, CityBilling, LLC is prepared to enter into a Business Associate Agreement with covered entities using FaceSheetApp. Contact us to discuss BAA execution prior to or during your onboarding.
Contact Us About a BAA