Pricing Security
Start 14-day free trial See plans
HIPAA compliance

How HIPAA LINK meets HIPAA

Compliance is the foundation of the product, not an upsell. Here is a detailed, plain-language look at the agreement, the safeguards, and the data model that keep your sessions private.

BAA on every plan Encrypted in transit No PHI stored GDPR compliant
The agreement

A Business Associate Agreement, included

Under HIPAA, a platform that handles protected health information on behalf of a provider is a Business Associate and must sign a BAA. We include one on every plan.

BAA included on Free, trial, and Paid
No extra cost, no paid tier required
Covers every provider on the account
In effect from your first session
Covered from the start

Compliance is not behind a paywall

Many platforms reserve a BAA for their higher tiers. HIPAA LINK includes one on every plan, so a solo provider on the Free Plan has the same agreement in place as a large clinic. You are covered before your first client ever joins.

  • Extends automatically to every seat you add
  • The same safeguards regardless of plan
  • Available to review during onboarding
The Security Rule

Administrative, physical, and technical safeguards

The HIPAA Security Rule groups protections into three categories. Here is how HIPAA LINK addresses each.

Administrative

Access is role-based, provider accounts support two-factor authentication, and admins control who can manage staff, settings, and billing across an organization.

Physical

The platform runs on hardened, monitored cloud infrastructure with physical and environmental protections managed by the hosting provider.

Technical

Video, audio, and chat are encrypted in transit, sessions are access-controlled, and the platform is designed to hold as little sensitive data as possible.

Data handling

The strongest safeguard is holding less

HIPAA LINK is designed to minimize the protected health information it touches in the first place.

Not an EMR

We do not store your clinical records. Notes you generate are yours to download and keep in the record system you already use.

No recording by default

Sessions are not recorded. Audio is only captured if a host launches the optional AI Progress Notes feature to generate a note, and you control when that runs.

Never sold

Client and provider data are never sold or used for advertising. They are used only to provide the service.

End-to-end encryption in transit
Two-factor authentication for providers
Role-based admin and staff access
Client joins with no account or download
Signed teleconsent with timestamp and IP
Access & encryption

Only the right people, only in transit

Sessions are encrypted as they travel between you and your client, and access is limited by role. Clients join from a link with no standing account, which means there is no client login to compromise.

  • Encryption protects video, audio, and chat in transit
  • Admins decide who can see and manage what
  • Consent is captured with an auditable signature

Shared responsibility

HIPAA compliance is a partnership. HIPAA LINK provides a compliant platform and a BAA; you remain responsible for how you use it, such as verifying client identity, using a private space for sessions, and following your own organization's policies. This page describes the platform and is not legal advice.

Compliance questions

Good to know

Yes. A Business Associate Agreement is included at no extra cost on every plan, including Free, so you are covered from your first session.

No. HIPAA LINK is not an EMR and does not store your clinical records. Notes generated by AI Progress Notes are yours to download and keep in your own system.

Not by default. Sessions are only recorded if a host launches the optional AI Progress Notes feature, which records that session's audio to generate a note, then delivers it as a downloadable file. You control when it runs.

Video, audio, and chat are encrypted in transit, access is role-based, and provider accounts can use two-factor authentication. The platform is designed to hold as little PHI as possible.

Yes. HIPAA LINK is GDPR compliant in addition to HIPAA, and the experience is available in multiple languages including right-to-left support.

Compliant telehealth, from your first session

Start a 14-day free trial with a BAA included. No credit card required, and keep a free account after.

Start 14-day free trial Security overview
HIPAA and GDPR compliant · BAA included · No PHI stored
Start free trial See plans