Keeping PHI on-prem
Faxart runs OCR and language-model inference on hardware you own. Cloud LLM APIs are not used for fax content, even with a business-associate agreement in place. This page explains why that rule is stricter than HIPAA requires, on purpose.
The rule: no PHI off-premises
To read a page, the page image has to reach the compute node. A fax archive is PHI. So a rented cloud GPU would put PHI off-premises. HIPAA would permit that under an agreement; Faxart does not. The cheapest, most durable way to keep PHI on-prem is to never let it leave in the first place, rather than to rely on a contract and a vendor’s controls.
There is a practical corollary: for the kind of degraded fax this system reads, OCR is bound by the page detector, not by raw compute, so a rented high-end GPU buys almost nothing. The biggest compliance cost would have purchased one of the smallest speedups. On-prem is both the safer and the cheaper choice here.
Where the audit boundary sits
HIPAA wants PHI reads logged, not just writes. An application-layer audit log captures who clicked “download” with useful context, but it can be bypassed by anything that talks to the database directly. So Faxart uses two layers:
- A database-level audit floor that logs reads even if the app is bypassed. This is the boundary that cannot lie.
- Application-layer audit for the human-readable who and why overlay.
Together they give you a record that is both complete and legible.
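The sketch below is an added example, not Faxart's own code: it reconciles the two layers by pairing each database-level read with the application-layer entry that explains it, and reports reads that have no such entry. The record fields, the `faxart_app` service account name and the five-second matching window are assumptions, and the sample records are constructed.

```python
from datetime import datetime

# Constructed sample records; field and account names are assumptions.
DB_AUDIT = [  # database-level floor: every read of a PHI table
    {"ts": "2024-05-01T09:00:02", "db_user": "faxart_app", "fax_id": 101},
    {"ts": "2024-05-01T09:05:10", "db_user": "faxart_app", "fax_id": 102},
    {"ts": "2024-05-01T10:00:00", "db_user": "faxart_app", "fax_id": 103},
    {"ts": "2024-05-01T23:41:37", "db_user": "dba_jsmith", "fax_id": 101},
]
APP_AUDIT = [  # application-layer overlay: who and why
    {"ts": "2024-05-01T09:00:01", "user": "nurse.lee", "fax_id": 101,
     "action": "download", "reason": "chart review"},
    {"ts": "2024-05-01T09:05:09", "user": "dr.patel", "fax_id": 102,
     "action": "view", "reason": "referral intake"},
]

def _t(stamp):
    return datetime.fromisoformat(stamp)

def reconcile(db_rows, app_rows, app_db_user="faxart_app", window_s=5):
    """Split database-level reads into (explained, unexplained).

    A read is explained only if it came through the application's database
    account AND an app-layer entry for the same fax lies within window_s
    seconds. One app entry may explain several reads, since a single
    download can issue more than one query.
    """
    explained, unexplained = [], []
    for read in db_rows:
        match = None
        if read["db_user"] == app_db_user:
            for entry in app_rows:
                gap = abs((_t(read["ts"]) - _t(entry["ts"])).total_seconds())
                if entry["fax_id"] == read["fax_id"] and gap <= window_s:
                    match = entry
                    break
        if match:
            explained.append((read, match))
        else:
            unexplained.append(read)
    return explained, unexplained

if __name__ == "__main__":
    ok, gaps = reconcile(DB_AUDIT, APP_AUDIT)
    for read, entry in ok:
        print(f"fax {read['fax_id']}: {entry['user']} ({entry['reason']})")
    for read in gaps:
        print(f"UNEXPLAINED read of fax {read['fax_id']} by {read['db_user']} at {read['ts']}")
```

The unexplained list covers both failure modes: a direct database session that never touched the app, and a read through the app's account that the app layer failed to record.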
No fax is silently dropped
A page that cannot be classified, a delivery that fails, a print that jams: each becomes a visible, auditable state (held, quarantined, failed), never a silent loss. For a paper-only workflow a lost print is a lost fax, so it surfaces like any other failed delivery.