Available on request. Rubi will execute a Business Associate Agreement with healthcare tenants that have an active subscription. The BAA covers our role as a business associate handling PHI on the covered entity's behalf. Contact support to initiate; expect a few business days for legal review. Note: even with a BAA, HIPAA compliance is shared responsibility — Rubi covers our processing controls; tenant covers operational workflows.

Medical Contact Center — HIPAA-Aware Healthcare CRM with Customer-FK Patient Records

Healthcare-vertical CRM that extends the canonical customer record with PHI-specific medical metadata. Real PHI access logging, configurable audit retention (default 7 years), encryption-level setting, appointments / prescriptions / test results / consent forms. HIPAA-aware infrastructure — compliance posture remains the covered entity's responsibility.

Patients linked to your CRM customers · Real PHI access logging · Configurable audit retention · Secure settings save

Every patient is a customer in your CRM with healthcare-specific information attached: medical record number, insurance, primary care physician, pharmacy, and HIPAA consent date. Appointments, prescriptions, test results, consent forms, communications, and the audit log all live on the customer profile — no parallel patient records.

⚠️ HIPAA-aware, not HIPAA-certified.

Rubi provides infrastructure (audit logging, RBAC, encryption-at-rest hooks, BAA on request). HIPAA compliance is a posture maintained by the covered entity — the tenant remains responsible for the operational workflows, breach notification procedures, downstream BAAs, and staff training that actually earn compliance. The settings configure infrastructure; they do not certify your tenant.

What's in the box

Patients linked to your CRM

Every patient is a customer in your CRM with healthcare data attached. Appointments, prescriptions, test results, consent forms, communications, and the audit log all live on the customer profile. No duplicate patient records.

Real PHI access logging

Every patient record view is logged with action, resource type, fields accessed, the user, their IP, browser, and timestamp. Default retention 2,555 days (7 years). Configurable per tenant.

PHI metadata

Per-customer: external patient_id, medical_record_number, DOB, gender, middle_name, preferred contact method, preferred language, emergency contact, insurance (provider/policy/group), primary care physician, pharmacy, HIPAA consent date.

Appointments + prescriptions + test results

Sibling tables for appointment lifecycle (scheduled → confirmed → checked_in → in_progress → completed), prescription tracking with controlled-substance flags + DEA, test results with abnormal flags + reference ranges + interpretation.

HIPAA-aware settings

Strict vs Standard mode, PHI access timeout (15 min default), audit retention (7 years default), encryption level (AES-256), emergency access toggle, business hours, emergency contacts. Secure settings save.

Patient communication

Toggles for appointment reminders, text messaging (with consent), patient portal, telehealth, prescription refill alerts, test result notifications. Each toggle persists to settings and gates the corresponding workflow.

Consent form tracking

Per-patient consent forms (HIPAA, treatment, procedure) with signature method (electronic / paper / verbal), witness fields, document hash for integrity, restrictions, expiration, revocation tracking.

Tenant isolation

Every query is automatically scoped to your account. Admin overview surfaces per-tenant rollups for support oversight (read-only).

Setup steps

Activate the module. RubiMine → Medical Contact Center → Activate ($259.99/agent).
Apply the schema migration. A system administrator visits the migration page and clicks Apply schema. Safe to re-run anytime.
Backfill legacy patients (per tenant). The same migration page lists each tenant's existing patient records. Click Backfill for each tenant — the system matches existing customers by email or phone, or creates new customers when needed.
Finalize the link to your CRM customers. After all backfills are complete, click Finalize Links. Appointments, prescriptions, test results, consent forms, communications, and the audit log are now connected to your CRM customer records.
Verify state. Open the state viewer — every tenant should appear in the rollup with healthy status.
Configure HIPAA-aware settings. Tenant admin opens /tenant-admin/modules/medical-dashboard.php. Set HIPAA mode, PHI timeout, audit retention, encryption level, communication toggles, business hours.
Walk the agent flow. CRM → patient profile → confirm PHI access is logged. Schedule an appointment → confirm it's tied to the customer.

FAQ

What's Medical Contact Center for?

Healthcare-vertical CRM. Extends the canonical customer record with PHI-specific metadata, sibling tables for appointments / prescriptions / test results / consent forms / communications / audit log. Used by clinics, urgent care, telehealth, medical contact centers.

Is this HIPAA-compliant?

HIPAA-aware, not HIPAA-compliant. Rubi provides infrastructure (audit logging, RBAC, encryption-at-rest hooks, BAA on request). HIPAA compliance is a posture maintained by the covered entity. The settings configure infrastructure; they do not certify your tenant.

What does PHI access logging capture?

Every patient record view, create, or update: date, the user, their IP and browser, the action (view / create / update / delete / export / print), the resource type, the resource, the patient, and the specific fields accessed.

How do I configure audit retention?

Tenant admin dashboard → HIPAA-Aware Settings → Audit Log Retention (days). Range 365–3,650, default 2,555 (7 years). Note: today, audit-log cleanup is manual; an automated retention enforcer is on the roadmap.

What about BAAs?

Available on request. Rubi executes a Business Associate Agreement with healthcare tenants that have an active subscription. Contact support to initiate.

Can I import legacy patient records?

Yes — the backfill handles existing patient records automatically. For brand-new tenants, use the Create Patient flow on the CRM. CSV / HL7 / FHIR import is on the roadmap.

What permissions are needed?

CRM-side module: agents and admins. Tenant-admin dashboard: tenant-admin role. State viewer and migration page: system-admin role. Settings form is fully secured.

Is your data private to your team?

Yes — every query is automatically scoped to your account. Cross-account access returns empty.

What's on the roadmap?

Future enhancements: patient portal, telehealth video, prescription e-signing for controlled substances, HL7/FHIR import, audit-grade BAA signing, field-level PHI redaction enforcement, automated audit-log retention enforcer.

Resources

Last updated: 2026-04-28.