Rōvn is direct healthcare hiring infrastructure. We are building inside a HIPAA-eligible AWS foundation and are formalizing the operating-company program before connecting any production traffic to PHI. This page is the public version of our posture and is updated as evidence is added.
559849758760, region us-east-2). alias/rovn-phi), private, deletion protection enabled. 399700000147857.

| Control area | Status |
|---|---|
| AWS HIPAA-eligible foundation (BAA, KMS, VPC, audit, backup, restore drill) | In place |
| Application consent ledger and signed packet events | In place |
| Formal HIPAA Security Risk Assessment | In progress |
| Vendor BAA / DPA inventory and signed agreements | In progress |
| Formal HIPAA policies + workforce acknowledgements | In progress |
| Documented quarterly access review | In progress |
| Incident response tabletop and runbook | In progress |
| Production secrets fully in AWS Secrets Manager / SSM | In progress |
| Reviewed production application image pushed to ECR + ECS service enabled | Pending review |
| Production traffic connected to PHI backend | Pending |
| Independent third-party HIPAA assessment / SOC 2 readiness audit | Planned |

Hospitals can run direct hiring workflows on Rōvn today using verified, primary-source-checked credential data. Rōvn does not move PHI into production until the formal program above is complete. Customers contracting Rōvn for production PHI workloads will sign a BAA with Rōvn and may request the latest evidence binder under NDA.

Your credential data is yours. Rōvn does not release a packet to a hospital without your explicit consent. Every release is logged and you can revoke release at any time.

Last updated 2026-04-25. We update this page when a status changes from in progress to in place.