Most vendors bury compliance in a footer and hope you don't ask. We'd rather put it on one page, in plain language, including the parts where the honest answer is "not yet."
Last reviewed 15 July 2026
No badge wall. Here is our actual posture, stated plainly — including what we do not hold.
| Item | Status | Detail |
|---|---|---|
| HIPAA-aligned operations | Yes | Our workflows are built around HIPAA requirements from day one, not bolted on. |
| Business Associate Agreement (BAA) | Yes | We execute a BAA with every healthcare client before any protected health information is handled. |
| HIPAA training & certification for deployed talent | Yes | Every professional we deploy completes HIPAA training and holds certification through our own academy. |
| Written security & data-handling policies | Yes | Documented access-control, device, and data-handling policies our team works to. |
| SOC 2 Type II | On our roadmap | We are not SOC 2 certified, and we have not begun a formal audit. It is on our roadmap. We will say so here the moment that changes — and not a day before. |
| HITRUST | Not held | We do not hold HITRUST certification and are not currently pursuing it. |
Why we publish the gaps. Any vendor can print a badge. If we tell you plainly what we don't have, you can trust what we say we do have. That is the whole point of this page.
Protected health information only moves through channels we've contracted for. In practice:
Please don't send patient information through our website form. It isn't the right channel, and we'd rather tell you than quietly receive it. Ask us and we'll open a proper one.
Most of the risk in outsourced healthcare operations isn't technology — it's people. So we don't rent talent from a marketplace and hope for the best.
Our team operates from the Philippines. Our web infrastructure runs in Singapore. Our business email is provided by Microsoft. If you engage us from the United States, your information will be transferred to and processed in these locations.
We operate under the Philippines Data Privacy Act of 2012 (RA 10173), alongside the HIPAA obligations we take on contractually with our U.S. clients.
Worth stating, because it's unusual and it's easy to verify:
Full detail lives in our Privacy Policy.
If you're evaluating us, ask. We'd rather answer a hard security questionnaire than win on vagueness.
Email info@revconnexsolutions.com and it reaches a human who can actually answer.
This page is reviewed as our posture changes. If something here is out of date or you think a claim doesn't hold up, tell us at info@revconnexsolutions.com and we'll correct it. A trust page that isn't maintained is just marketing.