Security + Compliance

Healthcare operations need security by design.

RideVoy is built with controls for healthcare transportation environments, including encrypted data handling, role-scoped access, PHI auditability, consent tracking, and trip verification evidence.

Core security controls

Control layers designed for multi-role healthcare transport operations.

Encryption

TLS transport security plus AES-256-GCM field encryption for sensitive application data.

Access Control

Role-scoped permissions and organization boundaries across facility staff, drivers, and admins.

Auditability

PHI access events and ride verification activity are logged for compliance and investigations.

API Protection

JWT auth, origin validation, and rate-limited APIs reduce abuse and unauthorized access risk.

See detailed workflows for PHI audit + consent management and trip attestation + GPS verification.

HIPAA-ready operational practices

RideVoy supports healthcare privacy and security workflows with safeguards that align to real NEMT operating requirements, procurement reviews, and audit preparation.

| Control area | RideVoy support | Customer responsibility |
| --- | --- | --- |
| Identity and access | Role-based authorization, organization scoping, and secure authentication flows | User provisioning, deprovisioning, and role governance |
| Data handling | TLS in transit, encrypted field storage, and secure application-layer handling | Minimum-necessary use policies and internal handling procedures |
| Operational logging | PHI access logs, ride event traceability, and trip attestation evidence capture | Log review cadence and incident response processes |
| Consent governance | Rider communication consent grant/revoke tracking (SMS, email, voice, data sharing) | Policy decisions and consent collection workflows |
| Reporting | CSV export support for downstream oversight workflows | Retention and distribution controls for exported records |

Business Associate Agreement (BAA)

HIPAA BAA availability

RideVoy is prepared to execute a HIPAA Business Associate Agreement (BAA) with covered entities and their business associates. Our BAA covers the platform's handling of Protected Health Information (PHI) during ride coordination, scheduling, and reporting workflows.

BAA review and execution is included as part of implementation planning — no additional cost, no separate procurement track. Contact our team to initiate the process or request a copy during your demo.

Security FAQ

Answers to common security and procurement questions.

Yes. Access is segmented by user role so facility users, drivers, and administrators only see and do what their role allows.

Yes. RideVoy logs PHI access events and provides a filterable admin view for review by user, resource type, and timeframe.

Yes. Consent status can be managed for SMS, email, voice, and data-sharing permissions with grant/revoke tracking.

Yes. Security review discussions can be included in implementation planning and procurement workflows.

Operational events are captured to support workflow traceability and internal auditing processes.

Yes. Ride workflows support GPS-stamped pickup/dropoff verification and optional driver signature attestation for documentation-heavy billing and compliance workflows.

Yes. Teams can export ride data for compliance, billing, or operational reporting under their internal governance process.

Yes. We execute BAAs with covered entities as part of onboarding. Contact sales@getridevoy.com or request a demo to begin the process.

Need a deeper security review for your team?

Request a technical walkthrough covering controls, workflows, and implementation planning.