Learn from the best and brightest in legal, technology, and beyond! Join us at the 2019 Clio Cloud Conference — San Diego | October 21-22, 2019.

Does Clio meet HIPAA standards?


  • Does Clio fulfill the requirements of HIPAA?


  • Clio Manage

Additional Information:



While Clio employs many of the standards outlined by HIPAA, we do not sign Business Associate Agreements (BAA) with our customers at this time. If you require a BAA to be signed, you can pair Clio with one of our document integration partners so that you are HIPAA compliant. Either BoxDropbox, or NetDocuments can sign the necessary BAA. Otherwise, HIPAA-covered entities can rely on Clio to provide:

  • Data encryption in transit and at rest
  • Restricted physical access to production servers
  • Strict logical system access controls
  • Configurable administrative controls available to the customer to:
    • Grant explicit authorization to customer files to read, download, and edit
    • Monitor access
    • Reporting trail of account activities on both users and content
  • Formally defined and tested breach notification policy
  • Training of employees on security policies and controls
  • Highly restricted employee access to customer data files
  • Mirrored data center facilities with daily backups to mitigate disaster situations
  • 99.9% uptime SLA
  • SSAE 16 SOC 2 Report available by request and an NDA is required.
Was this article helpful?
This information is confusing or wrong
This isn't the information that I was looking for
I don't like this functionality