Identity Verification

How Harper confirms each patient’s identity

Before we request protected health information (PHI), Harper verifies the patient’s identity using Stripe Identity. This verification gives health information departments confidence that the requester is the individual named on the HIPAA authorization form.

1. Secure invitation

Patients begin in Harper’s secure portal. We authenticate their account with multi-factor verification before we collect any identity documents.

2. Government ID capture

Patients submit a photo of a government-issued ID (driver’s license, state ID, or passport) and a live selfie through Stripe Identity’s encrypted workflow. Images never touch Harper’s servers.

3. Stripe Identity checks

Stripe Identity analyzes the document security features, matches the selfie to the ID photo, and flags potential tampering. Harper receives only the verification result, not the underlying biometrics.

4. Compliance review

Our compliance team reviews each verification result before PHI requests are submitted. Failed or questionable matches trigger manual outreach to the patient for remediation.

What HIM teams receive

Verified authorization: Every HIPAA release includes the patient’s verified name, date of birth, and address exactly as confirmed through Stripe Identity.
Audit trail: We log the verification timestamp, verification status, and reviewer notes so you have confidence in the requester’s identity.
Secure delivery: Records are transmitted through encrypted channels following the minimum necessary standard outlined on our HIPAA compliance page.

For questions about verification or to confirm a patient request, contact us at hipaa@inbox.harper.new.

Learn more about Harper’s mission and services on our What is Harper page.