Enterprise-Grade Security

HIPAA Compliance

BehaviorDocs is committed to protecting the privacy and security of your clients' Protected Health Information (PHI).

Our Commitment

As a platform serving healthcare professionals, we understand the critical importance of HIPAA compliance. BehaviorDocs implements comprehensive administrative, physical, and technical safeguards to protect all PHI processed through our platform.

We regularly review and update our security practices to ensure continued compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.

Business Associate Agreements

BehaviorDocs provides BAAs to all covered entities that require them. Our BAA outlines our responsibilities for protecting PHI and our compliance obligations under HIPAA.

BAA Coverage Includes:

  • Permitted uses and disclosures of PHI
  • Safeguards we implement to protect PHI
  • Breach notification procedures
  • Subcontractor requirements
  • Return or destruction of PHI upon termination

To request a BAA, contact us at compliance@behaviordocs.com

Security Measures

Multiple layers of protection to keep your data safe and compliant

Encryption at Rest

All data is encrypted using AES-256 in our databases and file systems.

Encryption in Transit

All data transmitted is protected using TLS 1.3 encryption.

Access Controls

Role-based access ensures only authorized personnel can access PHI.

Audit Logging

Comprehensive audit logs track all access to PHI — who, what, and when.

Incident Response

Detailed incident response procedures to address potential security events.

Regular Assessments

Security assessments and penetration testing to identify vulnerabilities.

Shared Responsibilities

Maintaining HIPAA compliance is a shared responsibility between BehaviorDocs and our users.

What We Do

  • Security Officer

    Designated Security Officer responsible for developing and implementing security policies.

  • Workforce Training

    All employees undergo HIPAA training upon hiring and receive regular refresher training.

  • Security Policies

    Comprehensive security policies and procedures govern how we handle PHI.

  • Contingency Planning

    We maintain data backup, disaster recovery, and emergency mode operation plans.

  • Evaluation

    Regular evaluations ensure our security measures remain effective and compliant.

What You Should Do

  • Use strong, unique passwords and enable two-factor authentication
  • Never share your login credentials with others
  • Only access PHI on secure, private networks
  • Log out of your account when not in use
  • Report any suspected security incidents immediately
  • Ensure your organization has appropriate policies in place
  • Only enter the minimum necessary PHI required for documentation

Questions About HIPAA Compliance?

Our compliance team is here to help with any questions about our security practices.