Security & Privacy First

HIPAA Compliance

Your data security and patient privacy are our highest priorities. BoostNotes is committed to HIPAA compliance with comprehensive safeguards.

HIPAA Compliant

Committed to HIPAA compliance standards

Secure Infrastructure

Enterprise-grade security measures

Data Protection

Encryption and access controls

BAA Available

Business Associate Agreement provided

Comprehensive Security Safeguards

We implement all three types of HIPAA safeguards to protect your data

Technical Safeguards

  • End-to-end encryption (AES-256)
  • Encrypted data transmission (TLS 1.3)
  • Multi-factor authentication
  • Automatic session timeouts
  • Regular security audits
  • Intrusion detection systems

Physical Safeguards

  • Secure cloud infrastructure
  • Access controls and monitoring
  • 24/7 security monitoring
  • Redundant power and cooling
  • Regular facility audits
  • Disaster recovery systems

Administrative Safeguards

  • Risk assessment and management
  • Comprehensive security policies
  • Regular staff training
  • Business Associate Agreements
  • Incident response procedures
  • Audit logging and monitoring

Access Controls

  • Role-based access control (RBAC)
  • Minimum necessary access
  • Unique user identification
  • Automatic logoff
  • Emergency access procedures
  • Access audit trails

Military-Grade Encryption

All protected health information (PHI) is encrypted using AES-256 encryption at rest and TLS 1.3 in transit. This is the same level of security used by banks and government agencies.

Encryption at Rest

All data stored in databases and backups is encrypted with AES-256

Encryption in Transit

All data transmitted is protected with TLS 1.3 encryption

Key Management

Encryption keys are managed using industry best practices

Security Highlights

Zero-Knowledge Architecture
We cannot access your unencrypted data
Regular Security Audits
Continuous monitoring and testing
Comprehensive Logging
Full audit trails of all access
Incident Response
24/7 security monitoring and response

Business Associate Agreement

We sign Business Associate Agreements (BAA) with all covered entities to ensure HIPAA compliance.

Our BAA Includes:

  • Permitted and required uses of PHI
  • Safeguards to protect PHI
  • Breach notification procedures
  • Subcontractor requirements
  • Termination and return of PHI

Questions about our security?

Our security team is here to answer any questions about HIPAA compliance.