KCS - Does Clio meet HIPAA standards?

Objective:

  • Does Clio fulfill the requirements of HIPAA?

Environment:

  • Clio web app

Additional Information:

n/a

Answer:

While Clio employs many of the standards outlined by HIPAA, we do not sign Business Associate Agreements (BAA) with our customers at this time. If you require a BAA to be signed, you can pair Clio with one of our document integration partners so that you are HIPAA compliant. Either BoxDropbox, or NetDocuments can sign the necessary BAA. Otherwise, HIPAA-covered entities can rely on Clio to provide:

  • Data encryption in transit
  • Restricted physical access to production servers
  • Strict logical system access controls
  • Configurable administrative controls available to the customer to:
    • Grant explicit authorization to customer files to read, download, and edit
    • Monitor access
    • Reporting trail of account activities on both users and content
  • Formally defined and tested breach notification policy in the data center
  • Training of employees on security policies and controls
  • Highly restricted employee access to customer data files
  • Mirrored data center facilities with daily backups to mitigate disaster situations
  • 99.9% uptime SLA
  • SSAE 16 SOC 2 Report available by request and an NDA is required.
Was this article helpful?
This information is confusing or wrong
This isn't the information that I was looking for
I don't like this functionality