The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that aims to protect sensitive patient health information. If you are generating PDFs containing Protected Health Information (PHI), you must take the following steps to ensure you are using DocRaptor in a HIPAA-compliant manner.
HIPAA compliance is available on any paid DocRaptor account, but enabling compliance requires completing the following two-step process.
1) Log in to your DocRaptor account, click Settings in the top menu, select "HIPAA Compliance Mode" as your Data Retention Time, then click Update Settings. NOTE: Once HIPAA Compliance Mode is enabled, you can not disable it. Read on for more details about this setting.
HIPAA Compliance Mode means the following:
Document input and output are deleted as soon as possible.
Only API access to the finished document is allowed.
The Help Request feature is disallowed in the UI and via the "help" API parameter.
Any existing Help Requests opened on your account will immediately be closed.
The Hosted Documents feature is disallowed.
2) Once your retention setting is updated, please notify the DocRaptor Support Team at Support@DocRaptor.com. We'll confirm the retention setting update and prepare a Business Associate Agreement for e-signatures. To execute the BAA, please provide the support team with your company's legal name, appropriate email address for sending HIPAA-related notices, first and last name of the signee, and the signee's email address and title.
Support for your HIPAA-compliant DocRaptor account:
All Help Requests are disallowed. Do not email our support team any material containing PHI. We recommend completing development and testing prior to enabling HIPAA compliance mode. HIPAA compliance mode will not impact how your PDF is rendered.
If you have questions or concerns regarding HIPAA compliance, we recommend reaching out to us at Support@DocRaptor.com prior to enabling HIPAA Compliance Mode.