Clocktree was designed specifically for healthcare providers, with privacy and security of client data being a vital foundation of our platform.
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law passed in 1996 which requires secure handling of an individual’s health information (PHI). The Health Information Technology for Economic and Clinical Health (HITECH) Act, passed in 2009 and revised in 2013, provides a national standard for health information technology and strengthened the privacy and security protections spelled out in the original HIPAA laws. This act extends HIPAA security obligations to business associates. If you are a healthcare provider who uses Clocktree to manage client data, Clocktree is considered a business associate. Clocktree will extend a Business Associate Agreement (BAA), with your practice as the covered entity.
In accordance with HIPAA and HITECH laws, we have implemented the following physical, technical and administrative safeguards to ensure privacy and security of your clients’ data.
- All data is encrypted in transit and at rest
- HTTPS and AES 256 bit encryption**
- Servers include automatic data backup
- Every user has their own username and password with no support for shared logins
- Accounts are automatically logged out after 30 minutes of inactivity
- Infrastructure is behind a firewall and accessible by limited Clocktree staff
- Clocktree staff have undergone HIPAA compliance training and certification
- Clocktree has Business Associate Agreements in place with all 3rd party providers
- Unless permission is granted, no PHI is included in communications outside the Clocktree platform
- Restricted Clocktree staff access to PHI
- On site HIPAA Compliance Officer
- BAA available to all registered Clocktree practices
We take client privacy and security seriously at Clocktree and do everything we can to ensure HIPAA compliance. Please check with your legal counsel if you have specific questions regarding your practice’s compliance with HIPAA regulations.
**Some technical implementation details may change in the future.