Back to Documentation

Security & Compliance

Nurse Charting Pro is built with enterprise-grade security and HIPAA compliance at its core to protect sensitive patient information.

HIPAA Compliance

Our Commitment to HIPAA

Nurse Charting Pro is designed and operated to meet all HIPAA (Health Insurance Portability and Accountability Act) requirements for protecting electronic protected health information (ePHI).

HIPAA Safeguards Implemented

Administrative Safeguards:
  • Comprehensive security policies and procedures
  • Role-based access control (RBAC)
  • Regular security training for team members
  • Business Associate Agreements (BAAs) available
  • Designated security and privacy officers
Physical Safeguards:
  • Data centers with 24/7 physical security
  • Biometric access controls
  • Redundant power and network systems
  • Secure disposal of hardware and media
Technical Safeguards:
  • End-to-end encryption for all patient data
  • Unique user identification and authentication
  • Automatic session timeouts
  • Audit logging and monitoring
  • Regular security assessments and penetration testing

Business Associate Agreement

We provide a comprehensive Business Associate Agreement (BAA) to all healthcare facilities using Nurse Charting Pro. The BAA establishes our obligations to safeguard ePHI and comply with HIPAA requirements.

Request a BAA →

Data Encryption

Encryption in Transit

All data transmitted between your device and our servers is encrypted using industry-standard protocols:

  • TLS 1.3 encryption for all network communications
  • Perfect Forward Secrecy (PFS) for enhanced security
  • Certificate pinning to prevent man-in-the-middle attacks
  • Secure WebSocket connections for real-time features

Encryption at Rest

Patient data is encrypted when stored on our servers and on your device:

  • AES-256 encryption for database storage
  • Encrypted backups with separate encryption keys
  • Local device storage encrypted using OS-level encryption
  • Secure key management using industry best practices

Key Management

Encryption keys are managed using hardware security modules (HSMs) and are rotated regularly according to security best practices. Keys are never stored alongside encrypted data.

Audit Logs & Accountability

Comprehensive Audit Trail

Every action in Nurse Charting Pro is logged to maintain a complete audit trail for compliance and security purposes.

What We Log

  • User login and logout events with timestamps
  • Chart creation, modification, and deletion
  • Patient record access and views
  • Configuration changes and administrative actions
  • Export and sharing activities
  • Failed authentication attempts

Audit Log Features

  • Tamper-Proof: Audit logs cannot be modified or deleted by users
  • Long-Term Retention: Logs retained for minimum 7 years
  • Searchable: Administrators can search and filter audit logs
  • Exportable: Export logs for compliance reporting

Accessing Audit Logs

Administrators and authorized personnel can access audit logs through Settings > Security > Audit Logs. Logs include detailed information about user actions, timestamps, and affected records.

Access Control & Authentication

Multi-Factor Authentication (MFA)

Enhance account security with optional multi-factor authentication:

  • Time-based one-time passwords (TOTP)
  • SMS verification codes
  • Biometric authentication (fingerprint, Face ID)
  • Hardware security keys (FIDO2/WebAuthn)

Password Requirements

Strong password policies are enforced:

  • Minimum 12 characters required
  • Must include uppercase, lowercase, numbers, and symbols
  • Password history prevents reuse of recent passwords
  • Regular password expiration (configurable)

Session Management

  • Automatic logout after period of inactivity
  • Secure session tokens with automatic rotation
  • Device management - view and revoke active sessions
  • Forced logout on password change

Data Privacy & Protection

Data Minimization

We collect and store only the minimum data necessary to provide our service. Patient data is never used for purposes beyond healthcare delivery and is never sold to third parties.

Data Retention & Deletion

  • Configurable data retention policies
  • Secure deletion methods that prevent data recovery
  • Right to request data deletion (subject to legal requirements)
  • Automated archival of old records

Data Backup & Recovery

  • Automated encrypted backups every 4 hours
  • Geographically distributed backup storage
  • Regular backup restoration testing
  • 99.9% uptime SLA with disaster recovery plan

Infrastructure Security

Secure Hosting

Our infrastructure is hosted on enterprise-grade cloud providers with HIPAA compliance certifications:

  • SOC 2 Type II certified data centers
  • 24/7 security monitoring and incident response
  • DDoS protection and traffic filtering
  • Network segmentation and isolation
  • Regular security patches and updates

Third-Party Security Assessments

  • Annual penetration testing by certified security firms
  • Regular vulnerability scans and remediation
  • Code security reviews and static analysis
  • Compliance audits and certifications

Security Questions or Concerns?

Our security team is available to answer questions about our security practices, assist with BAA execution, or address any compliance concerns.

Contact Security Team →

Related Documentation

Configuration →

Configure security settings

Privacy Policy →

Read our privacy policy

Enterprise Security Solutions

Need advanced security features or custom compliance requirements?