Compliance and Security
HIPAA Basic Setup
The HIPAA Basic add-on ($200/month) enables a set of features designed to support HIPAA-compliant operation for organizations handling protected health information (PHI) in mediation or arbitration cases. It includes Business Associate Agreement tracking, AES-256 encryption for PHI fields, extended audit log retention, a compliance score dashboard, and annual risk assessment tools.
What you'll learn
- What features HIPAA Basic enables
- How PHI encryption works at the field level
- What audit retention period applies with HIPAA Basic
- How to access the compliance dashboard and score
What HIPAA Basic includes
- BAA management — Track vendor Business Associate Agreements, including document links, renewal dates, and coverage status, from the compliance dashboard.
- AES-256 PHI encryption — PHI fields are encrypted using AES-256 with AWS KMS key management. Encryption is applied at the field level, not just at rest on the disk. Each field has a per-field encryption context managed by KMS.
- 6-year audit log retention — All platform actions are logged, and audit records are retained for 6 years (versus 90 days on Starter and 365 days on Professional without HIPAA).
- Compliance dashboard — A dedicated view showing your compliance posture: BAA status, training completion, risk assessment status, and your overall compliance score (0–100).
- Annual risk assessments — Risk assessment workflows are enabled in the compliance dashboard and count toward your compliance score.
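As an added illustration of field-level encryption with a per-field encryption context (not the platform's own code), the sketch below binds each ciphertext to its context so that a value copied into another field or case fails to decrypt. It assumes AES-256-GCM as the mode, a locally generated key standing in for a KMS-issued data key, and hypothetical context keys `caseId` and `field`.

```javascript
const nodeCrypto = require("node:crypto");

// Serialize the encryption context deterministically (sorted keys) so the
// same context always yields the same additional authenticated data (AAD).
function contextBytes(ctx) {
  const pairs = Object.keys(ctx).sort().map((k) => [k, String(ctx[k])]);
  return Buffer.from(JSON.stringify(pairs), "utf8");
}

// Encrypt one field value with AES-256-GCM, binding it to its context.
function encryptField(dataKey, plaintext, ctx) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per field value
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", dataKey, iv);
  cipher.setAAD(contextBytes(ctx));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt; throws if the key, ciphertext, tag or context does not match.
function decryptField(dataKey, blob, ctx) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", dataKey, blob.iv);
  decipher.setAAD(contextBytes(ctx));
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString("utf8");
}

// Non-throwing wrapper so callers can log and alert on context mismatches.
function tryDecrypt(dataKey, blob, ctx) {
  try {
    return { ok: true, value: decryptField(dataKey, blob, ctx) };
  } catch {
    return { ok: false, value: null };
  }
}

// Constructed sample data. The random key stands in for a KMS-issued data key.
const demoKey = nodeCrypto.randomBytes(32);
const demoCtx = { caseId: "case-0001", field: "diagnosis" };
const demoBlob = encryptField(demoKey, "constructed sample value", demoCtx);

console.log(tryDecrypt(demoKey, demoBlob, demoCtx).ok);
console.log(tryDecrypt(demoKey, demoBlob, { caseId: "case-0001", field: "notes" }).ok);
console.log(tryDecrypt(demoKey, demoBlob, { caseId: "case-0002", field: "diagnosis" }).ok);
```

A failed decryption caused by a context mismatch is worth recording in the audit log, since it indicates ciphertext being read outside the field it was written for.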
Enabling HIPAA Basic
HIPAA Basic is available as an add-on on all plan tiers (Starter, Professional, and Enterprise). To enable it, go to Settings → Features & Add-Ons and add HIPAA Basic to your subscription. Once active, a HIPAA Compliance entry appears under Premium Features in the Settings menu.
Difference from HIPAA Enhanced
HIPAA Enhanced ($300/month) extends HIPAA Basic with PHI auto-detection, advanced redaction tools, 7-year audit retention, and breach detection alerts. Organizations with higher PHI exposure or stricter compliance requirements should consider HIPAA Enhanced. See HIPAA Enhanced Setup for details.