HIPAA Compliance

Nurse Charting Pro is designed from the ground up to protect electronic Protected Health Information (ePHI) through a local-only, encryption-first architecture.

Our Approach: Eliminate Risk at the Architecture Level

Most healthcare apps try to secure PHI after collecting it on a server. We took a different approach: PHI never leaves your device. There is no central database to breach, no cloud account to compromise, and no data retained after your shift ends. Combined with AES-256 encryption and platform-native key management, this architecture satisfies HIPAA technical safeguard requirements by design, not by policy alone.

HIPAA Rules We Address

Privacy Rule

45 CFR Part 160 and Part 164, Subparts A and E. We minimize data collection, never sell PHI, and give nurses full control over when data is shared or destroyed.

Security Rule

45 CFR Part 164, Subpart C. AES-256 encryption at rest, TLS 1.3 in transit, platform-native access controls, and audit logging meet the administrative, physical, and technical safeguard requirements.

Breach Notification Rule

45 CFR Part 164, Subpart D. Our local-only design dramatically reduces breach surface. In the unlikely event of a security incident, we follow HHS notification timelines and procedures.

Technical Safeguards

AES-256 Encryption at Rest

All patient data is encrypted with AES-256-CBC before it touches disk. Encryption keys are generated per device and stored in the iOS Keychain or Android Keystore. Keys are never exported and never backed up to the cloud.

Local-Only Architecture

PHI never leaves your device. There is no cloud database, no server-side patient storage, and no PHI in analytics or crash reports. This eliminates entire categories of breach risk.

End-of-Shift Crypto-Shredding

When you end your shift, the app overwrites all PHI storage keys with random data, deletes them from storage, and destroys the encryption key from the secure enclave. Even forensic recovery of disk remnants yields only ciphertext with no key.

No Cloud Backups of PHI

App data is excluded from iCloud backup on iOS. On Android, backup is disabled at the manifest level. Patient data exists only on the device during the active shift.

De-identified Narrative Generation

AI narrative requests contain clinical observations only (no patient names, MRNs, dates of birth, or other identifiers). The data sent for narrative generation is not PHI. Requests are transmitted over TLS 1.3 to our server-side proxy, which validates your subscription and forwards the request to OpenAI. The OpenAI API key never ships in the app bundle.

EHR Transmission Controls

Optional EHR integration uses SMART on FHIR with OAuth 2.0 + PKCE. Data flows from your device to the EHR, using our secure proxy as a conduit for token exchange and request forwarding where required. The proxy does not store or log request bodies or PHI.

Administrative Safeguards

  • Business Associate Agreements (BAAs): We execute BAAs with healthcare facilities upon request.
  • Workforce Training: Our development team receives regular security and HIPAA awareness training.
  • Incident Response: Documented procedures for identifying, containing, and reporting security incidents within HHS-required timelines.
  • Risk Assessments: We conduct periodic risk analyses of our architecture, code, and operational processes.
  • Designated Privacy & Security Officers: Named individuals responsible for HIPAA compliance oversight.

What We Don't Do

  • We do not store PHI on our servers or in any cloud database.
  • We do not sell, rent, or share patient data with third parties for marketing.
  • We do not include PHI in analytics, crash reports, or logs.
  • The app transmits clinical observations for narrative generation. Nurses are instructed not to include identifying information in free-text fields, so that by design these transmissions remain de-identified.
  • We do not back up patient data to iCloud or Google Drive.
  • We do not retain PHI after a nurse ends their shift.

Breach Notification

In the unlikely event of a security incident involving ePHI, we will notify affected covered entities within 10 days of discovery, giving covered entities adequate time to meet their own obligations under the HIPAA Breach Notification Rule (45 CFR 164.410). Our incident response process includes:

  • Immediate containment and investigation of the incident
  • Written notification to affected covered entities describing the nature of the breach, the types of information involved, and recommended mitigation steps
  • Cooperation with covered entities on individual and HHS notifications as required
  • Post-incident review and remediation to prevent recurrence

To report a security concern, contact security@nursechartingpro.com. We respond to all security inquiries within 2 business days.

Data Handling Practices

  • Minimum Necessary Standard: The app collects only the clinical data required to generate nursing documentation. No extraneous patient information is requested or stored.
  • Data Ownership: Your facility owns all clinical documentation created using Nurse Charting Pro. We claim no rights to patient data or generated narratives.
  • Automatic Deletion: All PHI is destroyed via crypto-shredding when a nurse ends their shift. There is no data to delete on termination because nothing persists beyond the active session.
  • No Secondary Use: Patient data is never used for marketing, research, analytics, or model training. De-identified clinical observations sent for narrative generation are not retained by our AI provider.

Third-Party Services

Provider | Purpose | PHI Access
OpenAI | AI narrative generation | None. Receives de-identified clinical observations only.
Vercel | Marketing website hosting, API proxy | None. The proxy validates subscriptions and forwards de-identified data. No PHI is logged or stored.
RevenueCat | Subscription management | None. Handles only anonymous app user IDs and purchase receipts.
Mixpanel | Product analytics | None. Receives only anonymous usage events. No patient data is ever transmitted.
AppsFlyer | Install attribution (optional) | None. Tracks only anonymous install events for ad campaign measurement. No BAA in place as no PHI is transmitted.
Epic / Oracle Health | Optional EHR integration (SMART on FHIR) | Nurse-initiated only. Narratives flow to the EHR via a secure conduit. Our proxy handles token exchange and request forwarding without storing or logging PHI.

No third-party service receives, stores, or processes PHI on our behalf. Because our architecture keeps PHI local to the device, these services operate outside the scope of PHI handling.

Shared Responsibility

HIPAA compliance is a shared responsibility between Nurse Charting Pro (as a business associate) and your healthcare facility (as a covered entity). Our app provides the technical controls. Your facility is responsible for:

  • Ensuring nurses use the app on secured, authorized devices
  • Maintaining organizational HIPAA policies and training
  • Controlling who has access to the app within your workforce
  • Reviewing and executing a Business Associate Agreement with us

Request a Business Associate Agreement

We provide a comprehensive BAA to all healthcare facilities using Nurse Charting Pro. Contact us to get started.

Contact Us

Compliance Contact

We respond to all compliance and security inquiries within 2 business days.

Last updated: April 2026