HIPAA Compliance

How Caretable protects your data

Caretable is committed to maintaining the highest standards of data protection for Protected Health Information (PHI). We implement comprehensive safeguards across technical, administrative, and physical domains as required by HIPAA and the HITECH Act.

Technical Safeguards

Encryption in Transit

All data is encrypted using TLS 1.2+ between your browser and our servers.

Encryption at Rest

Database storage uses AES-256 encryption for all data including PHI.

Role-Based Access Control

Users can access only the data relevant to their role (Provider or Referrer), enforced by row-level security policies.

Automatic Session Timeout

Sessions expire after 15 minutes of inactivity to prevent unauthorized access to unattended devices.

Comprehensive Audit Logging

Every access, creation, and modification of PHI is automatically logged with user identity and timestamp.

PHI Redaction for AI

Client names, phone numbers, SSNs, emails, and dates of birth are automatically stripped before any data reaches AI services.
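The stripping step described above, as an added example that is not Caretable's own code (the field names, placeholders and regular expressions are assumptions): it removes the record's known values first, then names as whole words, then pattern-matched identifiers typed in other formats.

```python
import re
from dataclasses import dataclass

# Constructed example: the client fields the platform holds in structured
# form, whose exact values can be stripped from free text before it leaves.
@dataclass
class ClientRecord:
    full_name: str
    phone: str
    ssn: str
    email: str
    dob: str  # as stored, e.g. "1980-04-02"

# Pattern rules catch the same identifier types when they appear in free
# text in a format that differs from the stored value (assumed formats).
PATTERNS = [
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
    ("PHONE", re.compile(
        r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)")),
    ("DOB", re.compile(r"\b(?:\d{4}-\d{2}-\d{2}|\d{1,2}/\d{1,2}/\d{2,4})\b")),
]

def redact_phi(text: str, client: ClientRecord) -> str:
    """Return text with the client's identifiers replaced by placeholders.

    Runs the exact-value rules first, then the name rules, then the
    pattern rules, so a placeholder inserted by an earlier pass is never
    mangled by a later one.
    """
    # 1. Exact stored values for the fields that have a canonical form.
    for label, value in (("PHONE", client.phone), ("SSN", client.ssn),
                         ("EMAIL", client.email), ("DOB", client.dob)):
        if value:
            text = text.replace(value, f"[{label}]")
    # 2. Names have no reliable pattern: strip the full name and each part,
    #    longest first and case-insensitive, as whole words only.
    parts = sorted({client.full_name, *client.full_name.split()},
                   key=len, reverse=True)
    for part in parts:
        text = re.sub(r"\b" + re.escape(part) + r"\b", "[NAME]", text,
                      flags=re.IGNORECASE)
    # 3. Pattern-based sweep for identifiers typed in other formats.
    for label, pattern in PATTERNS:
        text = pattern.sub(f"[{label}]", text)
    return text
```

The pattern pass is a backstop, not a guarantee: free-text fields can carry identifiers in forms no regular expression anticipates, which is why the pass over the record's known values runs first.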

Administrative Safeguards

Business Associate Agreements

We maintain BAAs with all third-party vendors that may access PHI on our behalf.

Workforce Training

All personnel with access to PHI receive HIPAA compliance training upon hire and annually thereafter.

Incident Response Plan

We maintain documented procedures for identifying, containing, and reporting data breaches within the required timeframes.

Regular Risk Assessments

Periodic security risk assessments identify and mitigate potential vulnerabilities in our systems.

Minimum Necessary Standard

The platform is designed to collect and display only the minimum PHI necessary for referral coordination.

Physical Safeguards

Cloud Infrastructure Security

Our infrastructure is hosted in SOC 2 Type II certified data centers with physical access controls.

Data Center Redundancy

Data is replicated across multiple availability zones to support high availability and disaster recovery.

Your Responsibilities

While Caretable provides the technical infrastructure for HIPAA compliance, covered entities and business associates using the platform also have obligations:

  • Execute a Business Associate Agreement (BAA) with Caretable before transmitting PHI.
  • Obtain appropriate client consent before creating referrals.
  • Use strong, unique passwords and never share account credentials.
  • Report suspected data breaches within 24 hours to info@caretable.com.
  • Maintain your own HIPAA compliance program, including workforce training and policies.

Request a Business Associate Agreement

Organizations that transmit PHI through Caretable must have a BAA in place. Complete this form and our compliance team will follow up within 2 business days.

Questions?

For questions about our HIPAA compliance program or to report a security concern, contact us at info@caretable.com.