A Deeper Dive into AI Security & HIPAA

Understanding the security measures that protect you and your clients is essential. At CheckpointEHR, we are dedicated to safeguarding the data on our platform and have put several measures in place to ensure its security. We recognize that trust is vital in our industry, and we are committed to protecting our customers' data.

Compliance and Certifications

We adhere to multiple globally recognized standards to ensure your data is handled with the utmost care.

  • HIPAA Compliant: We comply with the strict standards set by the Health Insurance Portability and Accountability Act (HIPAA) to ensure the confidentiality, integrity, and availability of Protected Health Information (PHI).
  • GDPR Compliant: We follow the data regulations established by the GDPR, UK GDPR, and UK DPA, which provide important security measures for protecting the personal data of individuals within the EU and UK. By combining US and EU standards, we also meet and exceed US state and federal laws on data security and privacy.
  • SOC 2 Compliant: We have obtained SOC 2 certification, a globally recognized standard for organizational and technical security controls. SOC 2 compliance ensures that our security controls, policies, and procedures are designed to protect customer data against unauthorized access, disclosure, alteration, and destruction.

How We Keep Protected Health Information (PHI) Safe

Our platform infrastructure and data handling protocols are designed for maximum security.

  • Secure Infrastructure: We use AWS for our cloud infrastructure and storage, a highly secure and reliable vendor.
  • Data Availability: We take appropriate measures to ensure the availability of personal data. This includes implementing backup and disaster recovery procedures to ensure that personal data is available in the event of an unexpected outage or disaster.
  • Record-Level Encryption: All customer PII and PHI data is protected by record-level encryption. This helps to protect data in case of a security breach and ensures that only authorized personnel can access the data.
  • Pseudonymized Data: Personal data processed by the platform, including PHI, is stored in a pseudonymized format. This means that personal data is not stored in its original form but is instead replaced with a random identifier. This process ensures that personal data is not directly identifiable, reducing the risk of unauthorized access.
  • Security Incident Readiness: In the event of a security incident, we follow a documented security incident policy and protocol to ensure fast resolution and to mitigate harm to personal data.

Access Control and Clinician Oversight

Access to sensitive information is strictly controlled at both the technical and user level.

  • Access Management: We implement a strong security culture and access management protocols to prevent unauthorized access to personal data. Access is strictly controlled and limited to individuals who require it to perform their job functions. All access to personal data is logged and monitored, and access rights are reviewed regularly.
  • Designed for Therapy: This AI tool was built by therapists, for therapists. Unlike consumer AI, it is designed with the specific privacy and security needs of a clinical practice in mind.
  • Clinician Control: You, the therapist, are in complete control of the care plan and the final notes. The AI is an assistant, not a replacement for your expertise, and your trust and your clients' privacy are our top priorities.