HIPAA
We follow the latest security industry standards and best security practices to protect our servers, ensure information security and comply with all applicable laws and regulations, such as GDPR.
HIPAA compliance is essential for any entity or business associate that handles Protected Health Information (PHI). It's important to clarify that Behavioral Health Notes neither retains, transmits, nor stores any PHI. Our system is designed so that clinicians' data, folders, and generated notes reside solely in their respective Electronic Health Record (EHR) systems. We don't transmit or store PHI on our servers. All interactions with our software occur locally on your computer, directly within your browser.
Consequently, the safeguarding of such information falls under the clinician's purview. Clinicians are responsible for ensuring that electronic files are managed in a HIPAA-compliant fashion, either within an EHR or on their own secured hard drives. They must also take precautions against unauthorized access to their personal computers and make sure that backup copies of electronic PHI are safely stored in an off-site location.
Additionally, it's crucial for users to understand that entering any PHI into our system is strictly prohibited and constitutes a breach of our terms of use.
In summary, given the local nature of our software's operations, we are technically not subject to HIPAA compliance mandates. However, recognizing our role in aiding clinicians with their documentation tasks and encouraging them to input electronic PHI into their own systems, we exercise utmost caution. Driven by our commitment to uphold the highest ethical standards in mental healthcare, we've implemented a comprehensive security program to offer an added layer of protection.
Read more about our General Security Measures.