For healthcare
PHI transfer
that doesn't live in an inbox.
Encrypt. Witness. Destroy.
Hospitals, clinics, telehealth platforms, and health-tech vendors move PHI every day. CIPH4 is the encrypted-link channel for transfers that need to vanish on a schedule and produce defensible disposition evidence aligned with HIPAA technical safeguards.
THE CHALLENGE
Why email is the wrong channel
What teams in this role actually run into when secure transfer goes wrong.
01
Email is the top breach vector
Email attachments containing PHI are among the most-cited HIPAA breach vectors. A single misforwarded chart, lab result, or claim packet can trigger a notification process with state, federal, and contractual obligations.
02
Patient portals leave gaps
Patient portals cover patient-facing flows but rarely cover provider-to-provider, provider-to-vendor, or provider-to-payer transfers. That gap usually gets filled with email, the same channel that's the top breach vector.
03
Notification windows are tight
HIPAA gives 60 days; state laws are often shorter. When something goes wrong, defensible access trails and provable disposition timelines are the difference between a manageable incident and a regulator deep-dive.
THE SOLUTION
What CIPH4 gives you
The product surface that maps to those problems, one feature at a time.
01
Encrypted in the sender's browser
Every file is encrypted in the sender's browser before it leaves it. The plain document never reaches CIPH4. Addresses the HIPAA technical safeguards for encryption in transit and at rest (§164.312(a)(2)(iv) and §164.312(e)(1)).
02
Tamper-evident audit log
Every transfer is logged in a cryptographically chained audit record, serialized by an atomic database lock. Any after-the-fact change to a row is mathematically detectable. Maps to HIPAA §164.312(b) audit-control expectations.
03
Signed deletion receiptsEnterprise
Every Enterprise burn produces a cryptographically signed receipt, verifiable on our public /verify page. Your compliance officer files it as disposition evidence under HIPAA §164.310(d)(2) when documenting destruction of returned-to-sender PHI.
04
Recipient identity bindingTeams
Require the recipient to verify their email via a single-use magic link before they can decrypt. Defeats the misforwarding case where a link reaches someone other than the intended provider.
05
Compliance suite with HIPAA templateEnterprise
HIPAA framework template with control catalog inside the compliance suite. Populate with your own evidence, vendor assessments, and risk register, all linked to the audit chain.
06
File requests for inbound PHITeams
Collect signed releases, intake forms, and external records through an encrypted inbound link instead of an email attachment. Documents arrive encrypted at rest.
THE FLOW
How a typical workflow looks
A typical sequence — from intent to evidence — in three steps.
01
Compose
Provider or operations user drops the PHI document into a link, sets short expiry and a passphrase delivered out-of-band (via phone call or secure messaging).
02
Witness
Real-time access notification arrives the moment the recipient decrypts. Hash-chained audit log captures IP, geo, and timestamp.
03
Document
When the link closes, pull the signed deletion receipt. File it with the patient record or your vendor-engagement file as disposition evidence.
THE FRAMING
Where CIPH4 fits your program
How the same building blocks land against the frameworks your auditor cares about.
01
Frameworks we map
HIPAA, HITECH, state breach-notification laws, and (for EU patients) GDPR. Included as ready-to-use compliance templates with HIPAA §164.312 control mappings.
02
Controls we ship
In-browser encryption (the plain document never reaches CIPH4), tamper-evident audit log, recipient identity binding, and signed disposition receipts. Map to HIPAA §164.312(a)(2)(iv), (b), and (e)(1).
03
Artifacts we generate
Cryptographically signed deletion receipts you file as disposition evidence under §164.310(d)(2). Tamper-evident access log per PHI link, verifiable on our public /verify page.
Ready to see it?
20 free links a month, no credit card. When you need single sign-on, compliance templates, or signed deletion receipts your auditor can verify — we'll talk.