How HIPAA LINK meets HIPAA
Compliance is the foundation of the product, not an upsell. Here is a detailed, plain-language look at the agreement, the safeguards, and the data model that keep your sessions private.
A Business Associate Agreement, included
Under HIPAA, a platform that handles protected health information on behalf of a provider is a Business Associate and must sign a BAA. We include one on every plan.
Compliance is not behind a paywall
Many platforms reserve a BAA for their higher tiers. HIPAA LINK includes one on every plan, so a solo provider on the Free Plan has the same agreement in place as a large clinic. You are covered before your first client ever joins.
- Extends automatically to every seat you add
- The same safeguards regardless of plan
- Available to review during onboarding
Administrative, physical, and technical safeguards
The HIPAA Security Rule groups protections into three categories. Here is how HIPAA LINK addresses each.
Administrative
Access is role-based, provider accounts support two-factor authentication, and admins control who can manage staff, settings, and billing across an organization.
Physical
The platform runs on hardened, monitored cloud infrastructure with physical and environmental protections managed by the hosting provider.
Technical
Video, audio, and chat are encrypted in transit, sessions are access-controlled, and the platform is designed to hold as little sensitive data as possible.
The strongest safeguard is holding less
HIPAA LINK is designed to minimize the protected health information it touches in the first place.
Not an EMR
We do not store your clinical records. Notes you generate are yours to download and keep in the record system you already use.
No recording by default
Sessions are not recorded. Audio is only captured if a host launches the optional AI Progress Notes feature to generate a note, and you control when that runs.
Never sold
Client and provider data are never sold or used for advertising. They are used only to provide the service.
Only the right people, only in transit
Sessions are encrypted as they travel between you and your client, and access is limited by role. Clients join from a link with no standing account, which means there is no client login to compromise.
- Encryption protects video, audio, and chat in transit
- Admins decide who can see and manage what
- Consent is captured with an auditable signature
Shared responsibility
HIPAA compliance is a partnership. HIPAA LINK provides a compliant platform and a BAA; you remain responsible for how you use it, such as verifying client identity, using a private space for sessions, and following your own organization's policies. This page describes the platform and is not legal advice.
Good to know
Yes. A Business Associate Agreement is included at no extra cost on every plan, including Free, so you are covered from your first session.
No. HIPAA LINK is not an EMR and does not store your clinical records. Notes generated by AI Progress Notes are yours to download and keep in your own system.
Not by default. Sessions are only recorded if a host launches the optional AI Progress Notes feature, which records that session's audio to generate a note, then delivers it as a downloadable file. You control when it runs.
Video, audio, and chat are encrypted in transit, access is role-based, and provider accounts can use two-factor authentication. The platform is designed to hold as little PHI as possible.
Yes. HIPAA LINK is GDPR compliant in addition to HIPAA, and the experience is available in multiple languages including right-to-left support.
Compliant telehealth, from your first session
Start a 14-day free trial with a BAA included. No credit card required, and keep a free account after.