Is Spruce HIPAA Compliant?
Is Spruce HIPAA-compliant?
Yes. Spruce can be used in a HIPAA-compliant manner, provided that you have requested and signed a business associate agreement (BAA) with us. Typically, we sign BAAs during the checkout process, but let us know if you'd like to obtain one for your trial!
Any communication that occurs entirely on Spruce (app-to-app messaging with providers or patients, or telemedicine within a secure messaging thread) is inherently secure and encrypted. Communication through standard channels (e.g., email or texting) that occurs over Spruce can also be HIPAA-compliant, but this is situation-dependent; we wrote a white paper on the topic, which if you'd like to read you can message us in Spruce Support.
Standard telephone calls made via Spruce are compliant with the technical requirements of HIPAA, and Spruce stores any voicemails left for you in a way that is compatible with HIPAA.