GrowMoreClients is built on HIPAA-compliant infrastructure. Every layer of the platform is designed to protect Protected Health Information (PHI) in accordance with federal law.
GrowMoreClients operates on infrastructure that meets HIPAA Security Rule requirements for the protection of electronic Protected Health Information (ePHI). Pro plan clients receive a signed Business Associate Agreement (BAA).
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. PHI is never stored in unencrypted form.
Role-based access controls ensure only authorized users can access patient information. All access is logged and auditable.
Pro plan clients receive a signed BAA, establishing our legal obligations as a Business Associate under HIPAA regulations.
All access to PHI is logged with timestamps, user IDs, and action types. Logs are retained for 6 years as required by HIPAA.
In the unlikely event of a data breach, we follow HIPAA breach notification requirements — notifying affected parties within 60 days.
Our platform runs on SOC 2 Type II certified infrastructure with physical security, redundancy, and disaster recovery built in.
How GrowMoreClients meets HIPAA Security Rule requirements.
| HIPAA Requirement | Our Implementation | Status |
|---|---|---|
| Encryption of ePHI in transit | TLS 1.2+ on all data transmission | ✓ Compliant |
| Encryption of ePHI at rest | AES-256 encryption on all stored data | ✓ Compliant |
| Unique user identification | Individual login credentials for every user | ✓ Compliant |
| Automatic logoff | Session timeout after period of inactivity | ✓ Compliant |
| Audit controls | Complete audit log of all PHI access | ✓ Compliant |
| Access control | Role-based permissions and least-privilege access | ✓ Compliant |
| Integrity controls | Data integrity verification on all PHI | ✓ Compliant |
| Transmission security | Encrypted channels for all communication | ✓ Compliant |
| Business Associate Agreement | BAA available for Pro plan clients | ✓ Available |
| Breach notification procedures | Documented breach response plan in place | ✓ Compliant |
Business Associate Agreements are included with our Pro plan. If you're on a lower plan and need a BAA, contact us to discuss your options.
Contact Us About BAA →Questions about compliance? Email sales@cowaty.com