NursePal

HIPAA Compliance

Our commitment to protecting sensitive health information and maintaining the highest standards of privacy and security.

HIPAA Compliant
Secure Infrastructure
Audit Logging

Effective Date: March 16, 2026

The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards for protecting sensitive patient health information. Our platform is designed with HIPAA compliance principles in mind, implementing safeguards intended to protect Protected Health Information (PHI) when applicable.

This page outlines our approach to HIPAA compliance and the measures we strive to maintain to protect health-related data on our platform. The information below describes our goals and practices but does not constitute a guarantee of compliance in all circumstances.

Important: This page is provided for informational purposes only and does not constitute legal advice or a certification of HIPAA compliance. Security practices and compliance measures are subject to ongoing review and change. Organizations should conduct their own due diligence and consult qualified legal and compliance professionals regarding HIPAA requirements applicable to their specific circumstances.

Our Compliance Commitment

We are committed to maintaining the privacy and security of Protected Health Information in accordance with HIPAA requirements, including:

  • Privacy Rule: Protecting individuals' medical records and other personal health information
  • Security Rule: Implementing administrative, physical, and technical safeguards
  • Breach Notification Rule: Providing notification in the event of a breach of unsecured PHI

Technical Safeguards

We strive to implement robust technical controls to protect sensitive data, including but not limited to:

  • Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
  • Access Controls: Role-based access ensuring users only access necessary information
  • Authentication: Secure login mechanisms with multi-factor authentication options
  • Audit Logging: Comprehensive logging of system access and activities
  • Session Management: Automatic session timeouts and secure session handling

Administrative Safeguards

Our administrative measures ensure ongoing compliance and security awareness:

  • Designated security and privacy personnel
  • Regular workforce training on privacy and security practices
  • Documented policies and procedures for handling PHI
  • Periodic risk assessments and security evaluations
  • Incident response and breach notification procedures
  • Business Associate Agreements with applicable third parties

Physical Safeguards

We utilize secure infrastructure with appropriate physical protections:

  • SOC 2 compliant cloud infrastructure providers
  • Data center access controls and monitoring
  • Secure backup and disaster recovery systems
  • Device and workstation security policies

Your HIPAA Rights

Right to Access

You have the right to view and obtain copies of your PHI maintained on our platform.

Right to Amend

You may request amendments to your PHI if you believe it is inaccurate or incomplete.

Right to Notification

You will be notified in the event of a breach affecting your unsecured PHI.

Right to Restrict

You may request restrictions on certain uses and disclosures of your PHI.

Business Associates

When we engage third-party service providers who may have access to PHI, we enter into Business Associate Agreements (BAAs) that require them to maintain appropriate safeguards and comply with HIPAA requirements. We carefully evaluate our business associates and their security practices.

Legal Notice

The security measures and compliance practices described on this page represent our current approach and are subject to change. While we make commercially reasonable efforts to maintain the safeguards described, no security system is impenetrable and we cannot guarantee that our measures will prevent all unauthorized access to or disclosure of information.

NursePal provides its platform and services "as is" and makes no warranties, express or implied, regarding the effectiveness of any security measures or compliance practices. To the maximum extent permitted by law, NursePal shall not be liable for any unauthorized access to, or disclosure of, information stored on or transmitted through the platform.

For complete terms governing your use of the platform, please review our Terms & Conditions and Privacy Policy.

Questions About HIPAA Compliance?

If you have questions about our HIPAA compliance practices or wish to exercise your rights regarding PHI, please contact us.

Email: support@nursepal.com