HIPAA Compliance and Data Protection
DPC Pro is built with HIPAA compliance in mind, providing encryption, access controls, audit logging, and data handling practices that help protect patient health information.
This page covers the technical and administrative safeguards DPC Pro provides to support your practice’s HIPAA obligations. While DPC Pro provides the platform-level controls, your practice is responsible for configuring and using those controls in accordance with your own compliance policies.
HIPAA Safeguards in DPC Pro
DPC Pro implements safeguards across three areas required by the HIPAA Security Rule:
- Technical safeguards: role-based access control, audit logging, automatic session timeouts, and encrypted data transmission
- Administrative safeguards: configurable access policies, activity monitoring, compliance reporting tools, and an AI Assistant audit log for tracking AI-generated content
- Transmission safeguards: all data in transit between your browser and DPC Pro is encrypted using TLS
Encryption
DPC Pro encrypts data at multiple levels:
- In transit: all connections use HTTPS with TLS encryption
- At rest: data stored in the database and file storage is encrypted
- Application-level: sensitive clinical fields receive additional encryption beyond database-level protection. For details on sharing and printing clinical records, see Printing and Sharing.
Business Associate Agreement (BAA)
As a HIPAA-covered entity, your practice may require a Business Associate Agreement with DPC Pro before storing protected health information on the platform. Contact the DPC Pro team to discuss BAA requirements for your practice.
Data Handling Practices
DPC Pro follows industry-standard practices for handling protected health information:
- Data is stored in secure, access-controlled environments
- Regular backups ensure data availability
- Access to production systems is restricted to authorized personnel
- All access to patient data is logged in the audit trail
Compliance Features for Your Practice
DPC Pro provides several features that directly support your practice’s HIPAA compliance program:
| HIPAA Requirement | DPC Pro Feature |
|---|---|
| Access control | Role-based access control with least-privilege roles |
| Audit controls | Activity logging of all access to patient records |
| Person authentication | Email-based login with optional multi-factor authentication and SSO |
| Transmission security | TLS encryption on all connections |
| Data integrity | Change tracking and audit trails on patient record modifications |
| Data export | Patient data export for Right of Access requests |
Related Pages
- Your Account and Login
- Role-Based Access Control
- Audit Logging
- Data Ownership and Portability
- Single Sign-On
Need Help?
For questions about DPC Pro’s compliance features or to request a BAA, contact the DPC Pro support team at [email protected].