- Does Clio fulfill the requirements of HIPAA?
HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information.
While Clio employs many of the standards outlined by HIPAA, we do not sign Business Associate Agreements (BAAs) with our customers at this time. If you require a BAA to be signed (e.g. you are storing Personal Health Information (PHI) in Clio), you can pair Clio with one of our document integration partners so that you remain HIPAA compliant: Box, Dropbox, and NetDocuments can each sign the necessary BAA. Otherwise, HIPAA-covered entities can rely on Clio to provide:
- Data encryption in transit and at rest
- Restricted physical access to production servers
- Strict logical system access controls
- Configurable administrative controls available to the customer to:
  - Grant explicit authorization to read, download, and edit customer files
  - Monitor access
  - Report an audit trail of account activities for both users and content
- Formally defined and tested breach notification policy
- Training of employees on security policies and controls
- Highly restricted employee access to customer data files
- Mirrored data center facilities with daily backups to mitigate disaster situations
- 99.9% uptime SLA
- SSAE 16 SOC 2 report available on request (an NDA is required)