IV services may be provided by experienced registered nurses or advanced practice providers. RN visits always include provider oversight.

Most common illnesses are expertly handled by our APPs. If you have a complex medical history or prefer a physician's expertise, you can select the physician upgrade.

What wounds can you repair?

We treat simple lacerations on extremities and torso. Complex wounds involving tendons, arteries, or sensitive facial areas typically require emergency care.

Do you sign school forms?

Yes. Our providers can sign standard State of Illinois school health forms and IHSA sports participation forms.

What injuries can you treat?

We evaluate sprains, strains, minor fractures, dislocations, and other musculoskeletal injuries. If emergency surgery is needed, we'll coordinate urgent transfer.

Your Trust, Our Foundation

Every piece of data, every interaction, every visit — protected by enterprise-grade security and full HIPAA compliance. Conci is built on trust.

Learn About Our Services

Security Features

Enterprise-grade protection at every layer of our platform.

HIPAA Compliant Infrastructure

BAA-covered cloud infrastructure on Google Cloud Platform (US regions). Encrypted at rest with Customer-Managed Encryption Keys (CMEK). SOC 2 aligned with regular audits.

End-to-End Encryption

AES-256-GCM encryption for sensitive data at rest. TLS 1.3 for all communications in transit. Zero exposure of unencrypted patient information.

Row-Level Security

Every database query is scoped to the organization. 107 tables protected with RLS policies. Zero cross-tenant data access. Database-enforced isolation.

Role-Based Access Control

Deny-by-default authorization model. Four role tiers: Superuser, Admin, Triage, Provider. Providers only see what they need. Fine-grained permission scoping.

Audit Trails

Every action is logged with timestamp and actor. Consent records are immutable. Document signing includes tamper-evident PDF seals.

Privacy by Design

Cookie consent management (ConciTrust). CCPA Do Not Sell compliance. Global Privacy Control (GPC) auto-detection. Transparent opt-out mechanisms.

Module-Level Security

Every module is built with security as a core requirement.

ConciSign

HIPAA-compliant e-signatures with tamper-evident PDF seals, immutable signing records, and complete audit trails.

ESIGN Act & UETA compliant
Tamper-evident seals
Immutable records
Audit trail logging

ConciChart

Clinical documentation with provider-only access, signed notes that cannot be altered, and addendum-only corrections.

Provider-scoped access
Signed, immutable notes
Addendum-only modifications
Complete audit logs

ConciTrust

Cookie consent and privacy management with CCPA compliance, automatic GPC signal detection, and transparent opt-out.

CCPA/CPRA compliance
GPC auto-detection
Granular consent
Transparent tracking

ConciYou

AI assistant with three-tier data classification, MFA for personal data access, and per-user encryption.

Data classification tiers
MFA protection
Per-user encryption
Audit logging

Trusted & Certified

Conci meets and exceeds industry standards for healthcare data protection and privacy compliance.

HIPAA

Health Insurance Portability and Accountability Act

CCPA/CPRA

California Consumer Privacy Act

ESIGN & UETA

Electronic Signatures Compliance

GPC

Global Privacy Control

SOC 2

Security, Availability, and Confidentiality

Data Storage & Privacy

Clear, honest answers about where your data lives and how we protect it.

Where Your Data Lives

Patient data is stored in Google Cloud Platform US regions only. We do not replicate data internationally. All storage is encrypted with Customer-Managed Encryption Keys (CMEK), giving you control over encryption management.

Data Ownership

Your data belongs to you. Patients have the right to request export of their complete medical record and to request deletion. We honor both requests in compliance with HIPAA and CCPA.

No Data Sales

We have never sold, and will never sell, patient data to third parties. We do not monetize your health information. Your trust is our highest priority.

Regular Audits

We conduct regular security audits and penetration testing by third-party experts. Our infrastructure undergoes continuous compliance monitoring and improvement.

Our Security Principles

Privacy by Default

Every new feature is designed with privacy as a first-class requirement, not an afterthought.

Least Privilege

Users receive only the access they need. Permissions are denied by default and granted explicitly.

Audit Everything

Every action on sensitive data is logged with full context. Logs are retained and regularly reviewed.

Transparent Operations

We tell you how your data is used, stored, and protected. No hidden practices or surprise terms.

Ready to experience care you can trust?

Book your first visit with Conci and experience urgent care without compromise.

Book a Visit