HIPAA Compliance

ClearPath is designed from the ground up to meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA).

Our Commitment to HIPAA Compliance

As a provider of healthcare technology services, ClearPath operates as a Business Associate under HIPAA. We are committed to maintaining the confidentiality, integrity, and availability of Protected Health Information (PHI) entrusted to us by our covered entity customers.

Our HIPAA compliance program includes comprehensive administrative, physical, and technical safeguards as required by the HIPAA Security Rule, as well as policies and procedures to comply with the HIPAA Privacy Rule.

HIPAA Safeguards

Administrative Safeguards

  • Designated Security Officer and Privacy Officer
  • Workforce training on HIPAA policies
  • Access management and authorization procedures
  • Incident response and breach notification procedures
  • Business Associate Agreement management
  • Regular risk assessments and audits

Physical Safeguards

  • Secure, SOC 2 Type II certified data centers
  • Facility access controls and monitoring
  • Workstation and device security policies
  • Media disposal and destruction procedures

Technical Safeguards

  • Unique user identification and authentication
  • Role-based access controls
  • Automatic session timeouts
  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Audit logging and monitoring
  • Integrity controls and data validation
  • Secure transmission protocols

Business Associate Agreements

We execute a Business Associate Agreement (BAA) with every customer who uses ClearPath to process PHI. Our BAA is included with all subscription plans at no additional cost and outlines our obligations for protecting your patients' information.

Breach Notification

In the unlikely event of a security incident involving PHI, ClearPath will notify affected customers without unreasonable delay, and no later than 60 days after discovery, as required by HIPAA. We maintain detailed incident response procedures to ensure a timely and appropriate response to any security event.

Ongoing Compliance

HIPAA compliance is not a one-time achievement but an ongoing commitment. We regularly:

  • Conduct risk assessments to identify and address vulnerabilities
  • Update policies and procedures to reflect regulatory changes
  • Train employees on HIPAA requirements and best practices
  • Audit our systems and practices for compliance
  • Engage third-party auditors for independent assessments

Questions?

If you have questions about our HIPAA compliance program or need additional documentation for your compliance needs, please contact our Privacy Officer at [email protected].
