Is Spruce HIPAA-compliant?
Yes. Spruce can be used in a HIPAA-compliant manner, provided that you have requested and signed a business associate agreement (BAA) with us. Typically, we sign BAAs during the checkout process, but let us know if you'd like to obtain one for your free trial period.
Any communication that occurs entirely on Spruce (app-to-app messaging with providers or patients, or telemedicine within a secure messaging thread) is inherently secure and encrypted. Communication through standard channels (e.g., email or texting) that occurs over Spruce can also be HIPAA-compliant, but this is situation-dependent. We wrote a white paper on the topic – please message us in Spruce Support or email firstname.lastname@example.org if you'd like a copy.
Standard telephone calls made via Spruce are compliant with the technical requirements of HIPAA, and Spruce stores any voicemails left for you in a way that is compatible with HIPAA.