OnlyHIPAA

Evidence

Evidence is the documentation that backs up your answers — policies, screenshots, reports, signed agreements. Auditors expect to see it, so attach it as you go.

Attaching evidence

Upload files directly on a question, finding, or remediation task, or from the Evidence library. Accepted types include PDF, Office documents, images, text, CSV, and ZIP.

Freshness & lifecycle

Evidence can carry a review date and an expiry date. The library flags items that are Review due, Expired, or Review soon, and a scheduled reminder notifies the uploader (or an admin) ~30 days before either date — so a 13-month-old SOC 2 report doesn't quietly go stale.

When an item is Expired or Review due, a one-click Refresh button appears next to it. Refresh opens the upload form already pointed at that evidence: you just pick the new file, and on upload it inherits the old item's links and review/expiry schedule, bumps the version, and marks the old row superseded — so the freshness panel clears, the attachment stays in place, and the full history is preserved rather than lost.

Sherpa intake (when AI is enabled)

In the evidence library, Summarize asks Sherpa to read a file and describe what it is — and to suggest which assessment questions it supports. Each suggestion appears as a one-click link button: confirm it and the file is attached to that question's answer in your most recent open assessment. You always confirm each link; nothing is attached automatically. Document contents are treated as untrusted data and no patient data is used to train the model.

© 2026 OnlyHIPAA, Inc. All rights reserved.

OnlyHIPAA provides tools to assist with HIPAA compliance but does not constitute legal advice. Consult qualified legal counsel for specific compliance guidance.