This page explains how MyNursePal supports HIPAA-ready deployments and describes our approach to protected health information (PHI). It does not replace your organization’s HIPAA policies or legal guidance.
1. MyNursePal and HIPAA
HIPAA applies when a “covered entity” (such as a hospital, clinic, or health plan) or its “business associate” creates, receives, maintains, or transmits PHI. When MyNursePal Pro is deployed for an organization, we can support HIPAA-aligned workflows and security controls.
2. Business Associate Agreement (BAA)
If your organization requires a BAA, we can provide one as part of an enterprise agreement. Please contact legal@mynursepal.com.
3. Security controls (high-level)
- Role-based access control and least-privilege permissions.
- Audit trails for key actions (access, edits, exports, administrative events).
- Encryption in transit; encryption at rest where supported by the hosting configuration.
- Account security measures (secure sessions, password policies, and optional SSO where applicable).
3.1 Minimum necessary
We design workflows to support the “minimum necessary” principle by restricting access to patient data based on role and care context.
4. End-user responsibilities
Even in a HIPAA-ready deployment, users and organizations remain responsible for configuring roles, granting appropriate permissions, and ensuring that devices and credentials are protected.
5. Learn more
For details on how we collect and use information, see our Privacy Policy.
