HIPAA Compliance
How CareNote protects health information
CareNote is designed to support HIPAA compliance for covered entities and business associates. We implement administrative, physical, and technical safeguards to protect Protected Health Information (PHI).
Encryption
AES-256 encryption at rest and TLS 1.3 in transit for all data, including PHI. Database-level encryption uses managed keys.
Access Controls
Role-based access control (RBAC) with configurable permissions. Multi-factor authentication available for all accounts.
Audit Logging
Comprehensive audit trails record who accessed what data and when. Logs are immutable and retained for 7 years.
Infrastructure
Hosted on SOC 2 Type II certified cloud infrastructure. Regular penetration testing and vulnerability assessments.
BAA Available
We execute Business Associate Agreements (BAAs) with all customers who handle PHI through our platform.
Incident Response
Documented breach notification procedures. Notification is made within 60 days, as required by the HIPAA Breach Notification Rule.
Administrative Safeguards
- Designated Privacy and Security Officers
- Workforce training on HIPAA requirements and CareNote security policies
- Risk assessments conducted annually
- Documented policies and procedures for PHI handling
- Sanction policy for workforce members who violate policies
Technical Safeguards
- Unique user identification and authentication for all users
- Automatic session timeout after inactivity
- Emergency access procedures for system availability
- Encryption and decryption of PHI
- Integrity controls to prevent unauthorized alteration of PHI
Physical Safeguards
- Cloud infrastructure hosted in physically secured, access-controlled data centers
- Redundant systems and backups across multiple geographic regions
- Proper media disposal procedures for any physical storage
Your Responsibilities
As a CareNote customer, you are responsible for:
- Configuring appropriate role-based access for your staff
- Training your workforce on proper use of the platform
- Reporting any suspected security incidents promptly
- Maintaining secure credentials and enabling MFA
Contact
For HIPAA-related inquiries or to request a BAA:
compliance@carenotehq.com