We're required to store data to provide services and support you and all our other customers. Below, we specify what customer-generated data we store, how long we store it for product functionality, and why we use it. We also distinguish the data retention policies for protected health information (PHI) versus other types of data.
What we store | Description | How long | Why |
|---|---|---|---|
PHI in payloads | Full request payloads containing PHI sent through Redox. | 60 days. | For (a) troubleshooting and support; (b) recent transaction data in the dashboard; and c) historical data replays. |
PHI in searches | Search index that contains salted and hashed identifiers from request payloads—including patient names and identifiers, provider IDs, and other record IDs. | 60 days. | For (a) troubleshooting and support; and (b) logs in the dashboard. |
PHI in data operations | Field paths containing patient identifiers, provider IDs, or other record IDs to filter or translate during log processing. | Contract duration (Redox purges data within 30 days of customer account closure). | For supporting customer-configured data operations (i.e., filters, translation sets) |
PHI in data on demand | Data on demand stores (a) patient identifiers, basic demographics; (b) provider data; (c) reference URLs to files sent to integrated systems; (d) encoded base64 strings for files sent to integrated systems; and (e) scheduling, orders, and results data. Learn more about data on demand. | Contract duration (Redox purges data within 30 days of customer account closure). | For (a) providing a database to query when your connection's system doesn't support query requests; and (b) accessing stored event-based messages via query requests. |
PHI in backfill searches | Search index for backfill data that contains salted and hashed identifiers from request payloads—including patient names and identifiers, provider IDs, and other record IDs. Learn more about backfilling. | 14 days. | For (a) troubleshooting and support; and (b) logs in the dashboard. |
Metadata (no PHI) | Any metadata about requests sent through Redox. | Available for a minimum of 60 days (via the Redox dashboard and Platform API), but may be stored indefinitely. | For (a) troubleshooting and support; (b) audit logging; and (c) informed product enhancements. |
Metadata for backfill requests (no PHI) | Any metadata about queries to backfill data. Learn about backfilling. | Available for a minimum of 14 days (via the Redox dashboard and Platform API) but may be stored indefinitely. | For (a) troubleshooting and support; (b) audit logging; and (c) informed product enhancements. |
System backups | Backups of stored data. | Minimum of 30 days. | For data restoration purposes and resiliency. |
System and security logs | Logs generated by our cloud-based security tools. | 90 days active; 1 year archived. | For risk and incident management. |
Antivirus scan logs | Logs generated by our antivirus/malware solution. | Minimum of 1 year archived. | For risk and incident management. |
Redox organization user information | Names, email addresses, or profile information of any users that are part of a Redox organization. | Contract duration (Redox purges data within 30 days of customer account closure). | For product delivery. |
Usage statistics | Any metadata about the number of successful API requests made for a specified date range. Learn about managing transaction usage. | Available for a minimum of 1 year (via the Redox dashboard and Platform API) but stored for 13 months. | For monitoring transaction usage. |
We also store data for compliance and regulatory purposes. This data isn't related to product functionality. Contact us if you have questions or would like a copy of our full data retention policy.